Alexandra Dmitrienko
Prof. Dr.-Ing. Alexandra Dmitrienko
Head of Secure Software Systems Research Group
Chair of Software Engineering (Informatik II)
Department of Computer Science
University of Würzburg
Informatics Building, Room A115
Am Hubland
D-97074 Würzburg, Germany
Phone: +49 (931) 31 81667
Fax.: +49 (931) 31 86603
Email: alexandra.dmitrienko@uni-wuerzburg.de
Research Interests
Research Statement
In today's world of ubiquitous digitization, many physical objects, such as our homes, production facilities and even critical infrastructure get connected to networks, and become smarter through data collection and application of artificial intelligence (AI) and machine learning (ML) methods. This unavoidably poses new challenges to security and privacy. In my research, I aim to address new challenges and relevant research questions, such as:
- How to secure new systems, while facing ever growing complexity of software and protocols, large-scale deployments, cost requirements and absence of common standards?
- How to improve security of systems and networks using employment of AI and ML methods, while preserving privacy-friendly collection of training data?
- How to develop sustainable security methods that would be capable of adjusting to new security risks in the future, even in 20 years (typical life span of a car)?
Publications
-
MirageFlow: A New Bandwidth Inflation Attack on Tor. in To appear soon at the Network and Distributed System Security Symposium (NDSS) (2024).
- [ BibTeX ]
- [ BibSonomy-Post ]
-
FreqFed: A Frequency Analysis-Based Approach for Mitigating Poisoning Attacks in Federated Learning. in To appear soon at the Network and Distributed System Security Symposium (NDSS) (2024).
- [ BibTeX ]
- [ BibSonomy-Post ]
-
Automatic Adversarial Adaption for Stealthy Poisoning Attacks in Federated Learning. in To appear soon at the Network and Distributed System Security Symposium (NDSS) (2024).
- [ BibTeX ]
- [ BibSonomy-Post ]
-
CrowdGuard: Federated Backdoor Detection in Federated Learning. in To appear soon at the Network and Distributed System Security Symposium (NDSS) (2024).
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
AuthentiSense: A Scalable Behavioral Biometrics Authentication Scheme using Few-Shot Learning for Mobile Platforms. in Network and Distributed System Security Symposium (NDSS) (2023).
- [ BibTeX ]
- [ BibSonomy-Post ]
-
Smarter Contracts: Detecting Vulnerabilities in Smart Contracts with Deep Transfer Learning. in To appear at the Network and Distributed System Security Symposium (NDSS) (2023).
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
Avoid Adversarial Adaption in Federated Learning by Multi-Metric Investigations. in ArXiv | arXiv.2306.03600 (2023).
- [ BibTeX ]
- [ URL ]
- [ Download ]
- [ BibSonomy-Post ]
-
CROSSCON: Interoperable IoT Security Stack - The RISC-V Opportunity. in RISC-V Summit Europe, Barcelona (2023).
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
G-Scan: Graph Neural Networks for Line-Level Vulnerability Identification in Smart Contracts. in arXiv:2307.08549 (2023).
- [ BibTeX ]
- [ URL ]
- [ BibSonomy-Post ]
-
TorMult: Introducing a Novel Tor Bandwidth Inflation Attack. in ArXiv | arXiv.2307.08550 (2023).
- [ BibTeX ]
- [ URL ]
- [ BibSonomy-Post ]
-
Metadata-based Malware Detection on Android using Machine Learning. in ArXiv | arXiv.2307.08547 (2023).
- [ BibTeX ]
- [ URL ]
- [ BibSonomy-Post ]
-
Security of NVMe Offloaded Data in Large-Scale Machine Learning. in European Symposium on Research in Computer Security (ESORICS) (2023).
- [ BibTeX ]
- [ URL ]
- [ Download ]
- [ BibSonomy-Post ]
-
MESAS: Poisoning Defense for Federated Learning Resilient against Adaptive Attackers. in ACM Conference on Computer and Communications Security (CCS) (2023).
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
ClearMark: Intuitive and Robust Model Watermarking via Transposed Model Training. in ArXiv | arXiv:2310.16453v1 (2023).
- [ Abstract ]
- [ BibTeX ]
- [ URL ]
- [ Download ]
- [ BibSonomy-Post ]
-
SCRAPS: Scalable Collective Remote Attestation for Pub-Sub IoT Networks with Untrusted Proxy Verifier. in USENIX Security (2022).
- [ Abstract ]
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
An Experience Report on the Suitability of a Distributed Group Encryption Scheme for an IoT Use Case. in IEEE 95th Vehicular Technology Conference (VTC) (2022).
- [ BibTeX ]
- [ BibSonomy-Post ]
-
Contact Discovery in Mobile Messengers: Low-cost Attacks, Quantitative Analyses, and Efficient Mitigations. in ACM Transactions on Privacy and Security (TOPS) (2022).
- [ Abstract ]
- [ BibTeX ]
- [ BibSonomy-Post ]
-
Ransomware Detection in Databases through Dynamic Analysis of Query Sequences. in IEEE Conference on Communications and Network Security (CNS) (2022).
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
A Survey on Secure Group Communication Schemes with Focus on IoT Communication. in IEEE Access (2022).
- [ BibTeX ]
- [ URL ]
- [ BibSonomy-Post ]
-
Close the Gate: Detecting Backdoored Models in Federated Learning based on Client-Side Deep Layer Output Analysis. in ArXiv | arXiv:2210.07714 (2022).
- [ BibTeX ]
- [ URL ]
- [ BibSonomy-Post ]
-
FedCRI: Federated Mobile Cyber-Risk Intelligence. in The Network and Distributed System Security Symposium (NDSS) (2022).
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
Contact Discovery in Mobile Messengers: Low-cost Attacks, Quantitative Analyses, and Efficient Mitigations. in Cryptology ePrint Archive, Report 2022/875 (2022). (2022/875)
- [ BibTeX ]
- [ URL ]
- [ BibSonomy-Post ]
-
Towards a Cryptography Benchmark: A View on Attribute Based Encryption Schemes. in 2022 5th Conference on Cloud and Internet of Things (CIoT) (2022).
- [ BibTeX ]
- [ BibSonomy-Post ]
-
Digital Contact Tracing Solutions: Promises, Pitfalls and Challenges. in IEEE Transactions on Emerging Topics in Computing (2022).
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
Digital contact Tracing solutions: Promises, Pitfalls and Challenges. in ArXiv I arXiv 2202.06698v2 (October 2022) (2022).
- [ BibTeX ]
- [ URL ]
- [ BibSonomy-Post ]
-
Digital Contact Tracing Solutions: Promises, Pitfalls and Challenges. in Cryptology ePrint Archive (2022).
- [ BibTeX ]
- [ URL ]
- [ BibSonomy-Post ]
-
Benchmarking of Pre- and Post-Quantum Group Encryption Schemes with Focus on IoT. in IEEE 40th International Performance Computing and Communications Conference (IPCCC) (2021).
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
Performance Evaluation for a Post-Quantum Public-Key Cryptosystem. in IEEE 40th International Performance Computing and Communications Conference (IPCCC) (2021).
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
RIP StrandHogg: A Practical StrandHogg Attack Detection Method on Android. in 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec) (2021).
- [ Abstract ]
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
Sound Smart Contract Security Testing with Just One Tool. in CyberSec&AI 2021 (2021).
- [ BibTeX ]
- [ URL ]
- [ BibSonomy-Post ]
-
Increasing Security in Satellite Networks. in 72nd International Astronautical Congress (IAC) (2021).
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
Vision: Challenges & Opportunities. in Vision Paper of the Private AI Collaborative Research Institute (2021).
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
Security and Privacy Aspects of Digital Contact Tracing. Thesis; University of Würzburg. (2021, October).
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
Towards a Group Encryption Scheme Benchmark: A View on Centralized Schemes with focus on IoT. in ACM/SPEC International Conference on Performance Engineering (ICPE) (2021).
- [ Abstract ]
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
ESCORT: Ethereum Smart COntRacTs Vulnerability Detection using Deep Neural Network and Transfer Learning. in ArXiv | arXiv:2103.12607v1 (2021).
- [ Abstract ]
- [ BibTeX ]
- [ URL ]
- [ BibSonomy-Post ]
-
All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers. in Network and Distributed System Security Symposium (NDSS) (2021).
- [ Abstract ]
- [ BibTeX ]
- [ URL ]
- [ Download ]
- [ BibSonomy-Post ]
-
Contact Tracing by Giant Data Collectors: Opening Pandora’s Box of Threats to Privacy, Sovereignty and National Security. (2020).
- [ Abstract ]
- [ BibTeX ]
- [ URL ]
- [ Download ]
- [ BibSonomy-Post ]
-
Evaluating the Performance of a State-Of-The-Art Group-oriented Encryption Scheme for Dynamic Groups in an IoT Scenario. in IEEE 28th International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunication Systems (MASCOTS) (2020).Acceptance Rate: 27%
- [ Abstract ]
- [ BibTeX ]
- [ BibSonomy-Post ]
-
Evaluating the Performance of a State-of-the-Art Group-oriented Encryption Scheme for Dynamic Groups in an IoT Scenario. in IEEE 28th International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunication Systems (MASCOTS) (2020).Acceptance Rate: 27%
- [ Abstract ]
- [ BibTeX ]
- [ BibSonomy-Post ]
-
Mind the GAP: Security & Privacy Risks of Contact Tracing Apps. in TrustCom, Security Track (2020).
- [ Abstract ]
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
LegIoT: Ledgered Trust Management Platform for IoT. in European Symposium on Research in Computer Security (ESORICS) (2020).
- [ Abstract ]
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers. in Cryptology ePrint Archive, Report 2020/1119 (2020).
- [ BibTeX ]
- [ URL ]
- [ BibSonomy-Post ]
-
Mind the GAP: Security & Privacy Risks of Contact Tracing Apps. in ArXiv | arXiv:2006.05914v2 (2020).
- [ Abstract ]
- [ BibTeX ]
- [ URL ]
- [ BibSonomy-Post ]
-
SIMPL: Secure IoT Management Platform. in ITG Workshop on IT Security (ITSec) (2020).
- [ Abstract ]
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
DR.SGX: Automated and Adjustable Side-Channel Protection for SGX using Data Location Randomization. in Annual Computer Security Applications Conference (ACSAC) (2019).
- [ Abstract ]
- [ BibTeX ]
- [ URL ]
- [ Download ]
- [ BibSonomy-Post ]
-
Hands off my Database: Ransomware Detection in Databases through Dynamic Analysis of Query Sequences. in ArXiv | arXiv:1907.06775v1 (2019).
- [ BibTeX ]
- [ URL ]
- [ BibSonomy-Post ]
-
POSTER: Efficient and Effective Ransomware Detection in Databases. in 34th Annual Computer Security Applications Conference (ACSAC) (2018).
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
SmarTor: Smarter Tor with Smart Contracts: Improving resilience of topology distribution in the Tor network. in Annual Computer Security Applications Conference (ACSAC) (2018).
- [ Abstract ]
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
DR.SGX: Hardening SGX Enclaves against Cache Attacks with Data Location Randomization. in ArXiv | arXiv:1709.09917v2 (2017).
- [ Abstract ]
- [ BibTeX ]
- [ URL ]
- [ BibSonomy-Post ]
-
Software grand exposure: SGX cache attacks are practical. in In 11th USENIX Workshop on Offensive Technologies (WOOT 17) (2017).
- [ Abstract ]
- [ BibTeX ]
- [ URL ]
- [ Download ]
- [ BibSonomy-Post ]
-
Software Grand Exposure: SGX Cache Attacks Are Practical. in ArXiv | arXiv:1702.07521v1 (2017).
- [ Abstract ]
- [ BibTeX ]
- [ URL ]
- [ BibSonomy-Post ]
-
Secure Wallet-Assisted Offline Bitcoin Payments with Double-Spender Revocation (distinguished paper award). in ACM Conference on Information, Computer and Communications Security (AsiaCCS) (2017).
- [ Abstract ]
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
Secure Free-Floating Car Sharing for Offline Cars. in ACM Conference on Data and Application Security and Privacy (CODASPY) (2017).
- [ Abstract ]
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
POSTER: Secure Free-Floating Car Sharing for Offline Cars (an outstanding poster award). in ACM Conference on Data and Application Security and Privacy (CODASPY) (2017).
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
μchain: How to Forget without Hard Forks. in IACR Cryptology ePrint Archive (IACR) (2017).
- [ Abstract ]
- [ BibTeX ]
- [ URL ]
- [ Download ]
- [ BibSonomy-Post ]
-
Phonion: Practical Protection of Metadata in Telephony Networks. in Proceedings on Privacy Enhancing Technologies (PoPETs) (2017).
- [ Abstract ]
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
POSTER: Phonion: Frustrating Telephony Metadata Analysis. in Network and Distributed System Security Symposium (NDSS) (2016).
- [ Abstract ]
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
Security and Privacy Aspects of Mobile Platforms and Applications. Thesis; TU Darmstadt. (2015, April).
- [ Abstract ]
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
Market-driven Code Provisioning to Mobile Secure Hardware. in Financial Cryptography and Data Security Conference (FC) (2015).
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
Security Analysis of Mobile Two-Factor Authentication Schemes. in Intel Technology Journal (ITJ) (2014).
- [ Abstract ]
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
On the (in)security of mobile two-factor authentication. in CASED TUD-CS-2014-0029 (2014).
- [ BibTeX ]
- [ BibSonomy-Post ]
-
POSTER. Bitcoin2Go: Secure Offline and Fast Payments with Bitcoins. in Financial Cryptography and Data Security Conference (FC) (2014).
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
On Offline Payments with Bitcoin. in Workshop on Bitcoin Research (BITCOIN’14) (2014).
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
On the (In)Security of Mobile Two-Factor Authentication. in Financial Cryptography and Data Security Conference (FC) (2014).
- [ Abstract ]
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
Key2Share for Authentication Services. in SmartCard Workshop (SRC) (2014).
- [ Abstract ]
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
Mobile Platform Security in Synthesis Lectures on Information Security, Privacy, and Trust 2013 (2013). (Vol. 4) Morgan & Claypool.
- [ Abstract ]
- [ BibTeX ]
- [ BibSonomy-Post ]
-
Do I know you? - Efficient and Privacy-Preserving Common Friend-Finder Protocols and Applications. in Annual Computer Security Applications Conference (ACSAC) (2013).
- [ Abstract ]
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
Just-In-Time Code Reuse: The More Things Change, the More They Stay the Same. in BlackHat USA (2013).
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
CrowdShare: Secure Mobile Resource Sharing. in International Conference on Applied Cryptography and Network Security (ACNS) (2013).
- [ Abstract ]
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
Just-In-Time Code Reuse: On the Effectiveness of Fine-Grained Address Space Layout Randomization (best student paper award). in IEEE Symposium on Security and Privacy (S&P) (2013).
- [ Abstract ]
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
Gadge Me If You Can: Secure and Efficient Ad-hoc Instruction-Level Randomization for x86 and ARM. in ACM ASIA Conference on Computer and Communications Security (AsiaCCS) (2013).
- [ Abstract ]
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
CrowdShare: Secure mobile resource sharing. in TUD-CS-2013-0084 (2013).
- [ BibTeX ]
- [ BibSonomy-Post ]
-
POSTER: Secure Smartphone-based NFC-enabled Car Immobilizer (an outstanding poster award). in ACM Conference on Data and Application Security and Privacy (CODASPY) (2013).
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
Smart Keys for Cyber-Cars: Secure Smartphone-Based NFC-Enabled Car Immobilizer. in ACM Conference on Data and Application Security and Privacy (CODASPY) (2013).
- [ Abstract ]
- [ BibTeX ]
- [ URL ]
- [ Download ]
- [ BibSonomy-Post ]
-
Over-the-air Cross-Platform Infection for Breaking mTAN-based Online Banking Authentication. in BlackHat Abu Dhabi (2012).
- [ Abstract ]
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
XIFER: A Software Diversity Tool Against Code-Reuse Attacks. in ACM International Workshop on Wireless of the Students, by the Students, for the Students (MOBICOM) (2012).
- [ Abstract ]
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
SmartTokens: Delegable Access Control with NFC-enabled Smartphones. in International Conference on Trust and Trustworthy Computing (TRUST) (2012).
- [ Abstract ]
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
MoCFI: A Framework to Mitigate Control-Flow Attacks on Smartphones. in Network and Distributed System Security Symposium (NDSS) (2012).
- [ Abstract ]
- [ BibTeX ]
- [ URL ]
- [ Download ]
- [ BibSonomy-Post ]
-
Towards Taming Privilege-Escalation Attacks on Android. in Network and Distributed System Security Symposium (NDSS) (2012).
- [ Abstract ]
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
Securing the Access to Electronic Health Records on Mobile Phones. in Biomedical Engineering Systems and Technologies (BIOSTEC) (2011).
- [ Abstract ]
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
POSTER: Control-Flow Integrity for Smartphones. in ACM Conference on Computer and Communications Security (CCS) (2011).
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
Practical and Lightweight Domain Isolation on Android. in ACM Workshop on Security and Privacy in Mobile Devices (SPSM) (2011).
- [ Abstract ]
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
Trusted Virtual Domains on OKL4: Secure Information Sharing on Smartphones. in ACM Workshop on Scalable Trusted Computing (STC) (2011).
- [ Abstract ]
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
A Security Architecture for Accessing Health Records on Mobile Phones. in International Conference on Health Informatics (HEALTHINF) (2011).
- [ Abstract ]
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
POSTER: The Quest for Security against Privilege Escalation Attacks on Android. in ACM Conference on Computer and Communications Security (CCS) (2011).
- [ Abstract ]
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
CFI Goes Mobile: Control-Flow Integrity for Smartphones. in International Workshop on Trustworthy Embedded Devices (TrustED) (2011).
- [ Abstract ]
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
Trusted embedded System Operating System (TeSOS) - Study and Design. in HGI-TR-2011-004 (2011).
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
XManDroid: A New Android Evolution to Mitigate Privilege Escalation Attacks. in TR-2011-04 (2011).
- [ Abstract ]
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
TruWalletM: Secure Web Authentication on Mobile Platforms. in International Conference on Trusted Systems (INTRUST) (2010).
- [ Abstract ]
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
Privilege Escalation Attacks on Android. in Information Security Conference (ISC) (2010).
- [ Abstract ]
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
Return-Oriented Programming without Returns. in ACM Conference on Computer and Communications Security (CCS) (2010).
- [ Abstract ]
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
Key Attestation from Trusted Execution Environments. in International Conference on Trust and Trustworthy Computing (TRUST) (2010).
- [ Abstract ]
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
Return-Oriented Programming without Returns on ARM. (HGI-TR-2010-002), (2010).
- [ Abstract ]
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
Trusted Virtual Domains - Design, Implementation and Lessons Learned. in International Conference on Trusted Systems (INTRUST) (2009).
- [ Abstract ]
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
-
Zigbee-to-TCP/IP Gateway: New Opportunities for ZigBee-based Sensor Networks. in International Workshop on Ambient Intelligence and Embedded Systems (AmiEs) (2007).
- [ BibTeX ]
- [ BibSonomy-Post ]
-
WIZnet W3150A network co-processor: New features for embedded devices. in Components and Technologies (2006).
- [ BibTeX ]
- [ BibSonomy-Post ]