Introducing Janus: a hierarchical multi-blockchain access control system for policy based access to shared resources
It is very often the case that critical data or critical devices are co-managed by stakeholders from different domains. Any access to such resources should ideally be transparent to all stakeholders involved, and the access itself should comply with any policies set by the resource owner(s). However, this is not what usually happens in today's systems.
Securing the building blocks of embedded software
Remote exploitation of a man-in-the-disk vulnerability in WhatsApp (CVE-2021-24027)
CENSUS has been investigating for some time now the exploitation potential of Man-in-the-Disk (MitD) vulnerabilities in Android. Recently, CENSUS identified two such vulnerabilities in the popular WhatsApp messenger app for Android. The first of these was possibly independently reported to Facebook and was found to be patched in recent versions, while the second one was communicated by CENSUS to Facebook and was tracked as CVE-2021-24027. As both vulnerabilities have now been patched, we would like to share our discoveries regarding the exploitation potential of such vulnerabilities with the rest of the community.
Using program instrumentation to identify security bugs (Oπe\n conf 2020)
On November 7, 2020 I had the pleasure of doing a gentle introduction to program instrumentation to an audience of mostly developers at the "Oπe\n conf 2020" conference. The presentation showed how instrumentation could be used to identify security bugs in software, but also how to protect production binaries from exploitation through program instrumentation.