Mathias Payer
{{short description|Liechtensteinian computer scientist}}
{{Infobox academic
| honorific_prefix = Professor
| name = Mathias Payer
| honorific_suffix =
| image =
| image_size =
| alt =
| caption =
| native_name =
| native_name_lang =
| birth_name =
| birth_date = {{birth year and age|1981}}
| birth_place =
| death_date =
| death_place =
| death_cause =
| nationality =
| citizenship = Liechtenstein
| other_names =
| occupation =
| period =
| known_for =
| home_town =
| title =
| boards =
| spouse =
| partner =
| children =
| parents =
| relatives =
| awards =
| website = https://hexhive.epfl.ch/
| education = Computer Science
| alma_mater = ETH Zurich
| thesis_title =
| thesis_url =
| thesis_year =
| school_tradition =
| doctoral_advisor = Thomas R. Gross
| academic_advisors = Dawn Song
| influences =
| era =
| discipline = Computer science
| sub_discipline = Software security, Systems security
| workplaces = École Polytechnique Fédérale de Lausanne (EPFL)
| doctoral_students =
| notable_students =
| main_interests = System security, Software security, Mitigation, Sanitization, Test automation
| notable_works =
| notable_ideas =
| influenced =
| signature =
| signature_alt =
| signature_size =
| footnotes =
}}
Mathias Payer (born 1981) is a Liechtensteiner computer scientist.{{Cite web|title=Corona-Warn-App steht in den Startlöchern|url=https://www.vaterland.li/liechtenstein/gesellschaft/vermischtes/corona-warn-app-steht-in-den-startloechern;art171,418635|access-date=2020-09-30|website=Vaterland online|date=13 May 2020 }} His research focuses on software and system security. He is an Associate Professor at the École Polytechnique Fédérale de Lausanne (EPFL) and head of the HexHive research group.{{Cite web|title=15 new professors appointed at ETH Zurich and EPFL|url=https://www.admin.ch/gov/en/start/documentation/media-releases.msg-id-83628.html|access-date=2021-11-22|website=www.admin.ch}}
Career
Mathias Payer studied computer science at ETH Zurich and received his master's degree in 2006. He then joined the Laboratory for Software Technology of Thomas R. Gross at ETH Zurich as a PhD student and graduated with a thesis on secure execution in 2012, focusing on techniques to mitigate control-flow hijacking attacks.Payer, M.J., 2012. Safe loading and efficient runtime confinement: A foundation for secure execution (Doctoral dissertation, ETH Zurich). [https://www.research-collection.ethz.ch/bitstream/handle/20.500.11850/72818/eth-5810-02.pdf PDF] In 2010, he worked at Google as a software security engineer in the anti-malware and anti-phishing team, where he was dedicated to detecting novel malware. In 2012, he joined Dawn Song's BitBlaze group at the University of California, Berkeley as a postdoctoral scholar working on the analysis and classification of memory errors.{{Cite book|last1=Szekeres|first1=L.|last2=Payer|first2=M.|last3=Tao Wei|last4=Song|first4=Dawn|title=2013 IEEE Symposium on Security and Privacy |chapter=SoK: Eternal War in Memory |date=2013-06-25|chapter-url=https://ieeexplore.ieee.org/document/6547101|location=Berkeley, CA|publisher=IEEE|pages=48–62|doi=10.1109/SP.2013.13|isbn=978-0-7695-4977-4|s2cid=2937041}} In 2014, he received an appointment as Assistant Professor from Purdue University, where he founded his research laboratory, the HexHive Group.{{Cite web|title=Purdue University - Department of Computer Science -|url=https://www.cs.purdue.edu/people/faculty/mpayer/|access-date=2020-09-30|website=www.cs.purdue.edu}} In 2018, he moved to EPFL as an assistant professor in Computer Science and received tenure in 2021.
{{Cite web |title=15 new professors appointed at ETH Zurich and EPFL – ETH Board |url=https://ethrat.ch/en/15-new-professors-appointed-at-eth-zurich-and-epfl/ |access-date=2022-11-30 |language=en-US}} The HexHive Group is now located on the Lausanne Campus of EPFL.{{Cite web|title=HexHive|url=https://hexhive.epfl.ch/|access-date=2020-09-30|website=hexhive.epfl.ch}}
Research
Payer's research centers on software and systems security. He develops and refines tools that enable software developers to discover and patch software bugs, thereby rendering their programs more resilient to potential software exploits. To reach this goal, Payer employs two strategies. The first is sanitization techniques that point to security issues in areas such as memory, type safety and API flow safety, thereby enabling more salient products.{{Cite journal|last1=Gurses|first1=Seda|last2=Diaz|first2=Claudia|date=2013-03-03|title=Two tales of privacy in online social networks|url=https://ieeexplore.ieee.org/document/6493309|journal=IEEE Security & Privacy|volume=11|issue=3|pages=29–37|doi=10.1109/MSP.2013.47|s2cid=3732217|issn=1540-7993|url-access=subscription}}{{Cite journal|last1=Burow|first1=Nathan|last2=Carr|first2=Scott A.|last3=Nash|first3=Joseph|last4=Larsen|first4=Per|last5=Franz|first5=Michael|last6=Brunthaler|first6=Stefan|last7=Payer|first7=Mathias|date=2017-04-13|title=Control-Flow Integrity: Precision, Security, and Performance|journal=ACM Computing Surveys|language=en|volume=50|issue=1|pages=1–33|doi=10.1145/3054924|s2cid=1688011|issn=0360-0300|doi-access=free}}{{Citation|last=Payer|first=Mathias|title=HexPADS: A Platform to Detect "Stealth" Attacks|date=2016|url=http://link.springer.com/10.1007/978-3-319-30806-7_9|work=Engineering Secure Software and Systems|series=Lecture Notes in Computer Science|volume=9639|pages=138–154|editor-last=Caballero|editor-first=Juan|place=Cham|publisher=Springer International Publishing|doi=10.1007/978-3-319-30806-7_9|isbn=978-3-319-30805-0|access-date=2020-09-30|editor2-last=Bodden|editor2-first=Eric|editor3-last=Athanasopoulos|editor3-first=Elias|url-access=subscription}} The second is fuzzing techniques that create a set of input data for programs by combining static and dynamic analysis. The novel input data set extends and complements the set of existing test vectors.
Using this newly created input data helps to uncover exploitable vulnerabilities, such as control-flow integrity making use of specific language semantics, requiring type integrity, and safeguarding selective data.{{Cite journal|last1=Reilly|first1=Jack|last2=Martin|first2=Sébastien|last3=Payer|first3=Mathias|last4=Bayen|first4=Alexandre M.|date=2016-06-13|title=Creating complex congestion patterns via multi-objective optimal freeway traffic control with application to cyber-security|journal=Transportation Research Part B: Methodological|language=en|volume=91|pages=366–382|doi=10.1016/j.trb.2016.05.017|doi-access=free}}{{Cite journal|last=Payer|first=Mathias|date=2019-03-25|title=The Fuzzing Hype-Train: How Random Testing Triggers Thousands of Crashes|url=https://ieeexplore.ieee.org/document/8674043|journal=IEEE Security & Privacy|volume=17|issue=1|pages=78–82|doi=10.1109/MSEC.2018.2889892|s2cid=90263473|issn=1540-7993|url-access=subscription}}{{Cite book|last1=Peng|first1=Hui|last2=Shoshitaishvili|first2=Yan|last3=Payer|first3=Mathias|title=2018 IEEE Symposium on Security and Privacy (SP) |chapter=T-Fuzz: Fuzzing by Program Transformation |date=2018-07-26|location=San Francisco, CA|publisher=IEEE|pages=697–710|doi=10.1109/SP.2018.00056|isbn=978-1-5386-4353-2|s2cid=4662297|doi-access=free}}{{Citation|last1=Payer|first1=Mathias|title=Fine-Grained Control-Flow Integrity Through Binary Hardening|date=2015|url=http://link.springer.com/10.1007/978-3-319-20550-2_8|work=Detection of Intrusions and Malware, and Vulnerability Assessment|volume=9148|pages=144–164|editor-last=Almgren|editor-first=Magnus|place=Cham|publisher=Springer International Publishing|doi=10.1007/978-3-319-20550-2_8|isbn=978-3-319-20549-6|access-date=2020-09-30|last2=Barresi|first2=Antonio|last3=Gross|first3=Thomas R.|editor2-last=Gulisano|editor2-first=Vincenzo|editor3-last=Maggi|editor3-first=Federico|url-access=subscription}}
Payer's research has led to the discovery of several software vulnerabilities. Among them are the Bluetooth bugs BLURtooth{{Cite web|last=Lou|first=Remi|date=2020-09-11|title=BLURtooth : Cette faille de sécurité du Bluetooth n'a pas de solution|url=https://www.journaldugeek.com/2020/09/11/blurtooth-faille-securite-bluetooth-pas-solution/|access-date=2020-09-30|website=Journal du Geek|language=fr-FR}} and BLESA,{{Cite web|last=Cimpanu|first=Catalin|title=Billions of devices vulnerable to new 'BLESA' Bluetooth security flaw|url=https://www.zdnet.com/article/billions-of-devices-vulnerable-to-new-blesa-bluetooth-security-flaw/|access-date=2020-09-30|website=ZDNet|language=en}} and USBFuzz, a vulnerability that affects the implementation of USB protocol parsing across major operating systems.{{Cite web|last=Cimpanu|first=Catalin|title=New fuzzing tool finds 26 USB bugs in Linux, Windows, macOS, and FreeBSD|url=https://www.zdnet.com/article/new-fuzzing-tool-finds-26-usb-bugs-in-linux-windows-macos-and-freebsd/|access-date=2020-09-30|website=ZDNet|language=en}}{{Cite web|last=May 2020|first=Anthony Spadafora 28|title=USB systems may have some serious security flaws - especially on Linux|url=https://www.techradar.com/news/usb-systems-may-have-some-serious-security-flaws-especially-on-linux|access-date=2020-09-30|website=TechRadar|date=28 May 2020 |language=en}}{{Cite web|title=New fuzzing tool picks up insecure USB driver code|url=https://www.itnews.com.au/news/new-fuzzing-tool-picks-up-insecure-usb-driver-code-548674|access-date=2020-10-07|website=iTnews}}
Payer has been contributing to the development of the Decentralized Privacy-Preserving Proximity (DP-3T) protocol, on which the SwissCovid mobile application is built. The app allows for anonymous contact tracing to mitigate the COVID-19 pandemic.{{Cite web|date=2020-05-20|title=DP-3T White Paper|url=https://github.com/DP-3T/documents|access-date=2020-09-30|website=GitHub|language=en}}{{Cite news|date=2020-08-13|title=Coronavirus: England's contact tracing app trial gets under way|language=en-GB|work=BBC News|url=https://www.bbc.com/news/technology-53765240|access-date=2020-10-07}}{{Cite web|title=EPFL researchers put proximity tracing app to the test|url=https://sciencebusiness.net/network-updates/epfl-researchers-put-proximity-tracing-app-test|access-date=2020-09-30|website=Science{{!}}Business|language=en}}{{Cite web|title=Wissenschaftler warnen vor beispielloser Überwachung der Gesellschaft|url=https://www.netzwoche.ch/news/2020-04-22/wissenschaftler-warnen-vor-beispielloser-ueberwachung-der-gesellschaft|access-date=2020-09-30|website=www.netzwoche.ch|date=22 April 2020 |language=de}}{{Cite web|title=Coronavirus und Contact-Tracing – Mit dieser App will die Schweiz aus dem Lockdown|url=https://www.bazonline.ch/diese-app-warnt-uns-bei-einer-ansteckung-453708072013|access-date=2020-10-07|website=Basler Zeitung|date=21 April 2020 |language=de}}{{Cite web|title=Distanzmessung mit Bluetooth – Die "Swiss Covid"-App könnte zu vielen Fehlalarmen führen|url=https://www.tagesanzeiger.ch/die-swiss-covid-app-koennte-zu-vielen-fehlalarmen-fuehren-939856251352|access-date=2020-10-07|website=Tages-Anzeiger|date=20 June 2020 |language=de}}
Payer assisted in the creation of the startup company xorlab, which was founded by a former student of his, Antonio Barresi.{{Cite web|title=Security Advisory - "Cross-VM ASL INtrospection (CAIN)"|url=https://www.xorlab.com/documents/cain_security_advisory.txt|access-date=2020-10-07}}{{Cite web|title=About|url=https://www.xorlab.com/about/|access-date=2020-10-07|website=www.xorlab.com}}
He gained recognition beyond his research field through his lectures at the Chaos Communication Congress (CCC),{{Citation|last1=Nspace|title=No source, no problem! High speed binary fuzzing|url=https://media.ccc.de/v/36c3-10880-no_source_no_problem_high_speed_binary_fuzzing|language=en|access-date=2020-10-07|last2=gannimo|date=29 December 2019 }}{{Citation|last=gannimo|title=Type confusion: discovery, abuse, and protection|date=30 December 2017 |url=https://media.ccc.de/v/34c3-8848-type_confusion_discovery_abuse_and_protection|language=en|access-date=2020-10-07}}{{Citation|last1=gannimo|title=New memory corruption attacks: why can't we have nice things?|url=https://media.ccc.de/v/32c3-7163-new_memory_corruption_attacks_why_can_t_we_have_nice_things|language=en|access-date=2020-10-07|date=28 December 2015 }} Black Hat Europe (BHEU),{{Cite web|title=Black Hat Europe 2015|url=https://www.blackhat.com/eu-15/briefings.html#silently-breaking-aslr-in-the-cloud|access-date=2020-10-07|website=www.blackhat.com}} and others.{{Cite web|title=From the Bluetooth Standard to Standard Compliant 0-days {{!}} Daniele Antonioli and Mathias Payer {{!}} hardwear.io Virtual Conference|url=https://hardwear.io/virtual-con-2020/speakers/from-the-bluetooth-standard-to-standard-compliant-0-days.php|access-date=2020-10-07|website=hardwear.io}}{{Cite web|title=Talks Schedule 2020 {{!}} Insomni'Hack|url=https://insomnihack.ch/conference-2020/#202007|access-date=2020-10-07|language=en-US}}
Distinctions
He received the SNSF Eccellenza Award,{{Cite web|date=2019-11-01|title=Eccellenza: List of awardees|url=http://www.snf.ch/SiteCollectionDocuments/Eccellenza_Liste_Beitragsempfangende_e.pdf|access-date=2020-09-30}} and gained an ERC Starting Grant.{{Cite web|title=ERC FUNDED PROJECTS|url=https://erc.europa.eu/projects-figures/erc-funded-projects/results|access-date=2020-09-30|website=ERC: European Research Council|language=en|archive-date=2021-01-13|archive-url=https://web.archive.org/web/20210113223931/https://erc.europa.eu/projects-figures/erc-funded-projects/results|url-status=dead}} He is a Distinguished Member of the ACM "for contributions to protecting systems in the presence of vulnerabilities".{{Cite web |date=January 17, 2024 |title=International Computing Society Recognizes 2023 Distinguished Members for Significant Achievements |url=https://www.acm.org/media-center/2024/january/distinguished-members-2023}}
Selected works
- {{cite book |doi=10.1145/2663716.2663755|chapter=The Matter of Heartbleed|title=Proceedings of the 2014 Conference on Internet Measurement Conference - IMC '14|year=2014|last1=Durumeric|first1=Zakir|last2=Payer|first2=Mathias|last3=Paxson|first3=Vern|last4=Kasten|first4=James|last5=Adrian|first5=David|last6=Halderman|first6=J. Alex|last7=Bailey|first7=Michael|last8=Li|first8=Frank|last9=Weaver|first9=Nicolas|last10=Amann|first10=Johanna|last11=Beekman|first11=Jethro|pages=475–488|isbn=9781450332132|s2cid=142767}}
- {{cite book |doi=10.1109/SP.2013.13|chapter=SoK: Eternal War in Memory|title=2013 IEEE Symposium on Security and Privacy|year=2013|last1=Szekeres|first1=L.|last2=Payer|first2=M.|last3=Tao Wei|last4=Song|first4=Dawn|pages=48–62|isbn=978-0-7695-4977-4|s2cid=2937041}}
- {{cite journal |doi=10.1145/3054924|title=Control-Flow Integrity|year=2017|last1=Burow|first1=Nathan|last2=Carr|first2=Scott A.|last3=Nash|first3=Joseph|last4=Larsen|first4=Per|last5=Franz|first5=Michael|last6=Brunthaler|first6=Stefan|last7=Payer|first7=Mathias|journal=ACM Computing Surveys|volume=50|pages=1–33|s2cid=1688011|doi-access=free}}
- {{cite book |doi=10.1109/SP.2018.00056|chapter=T-Fuzz: Fuzzing by Program Transformation|title=2018 IEEE Symposium on Security and Privacy (SP)|year=2018|last1=Peng|first1=Hui|last2=Shoshitaishvili|first2=Yan|last3=Payer|first3=Mathias|pages=697–710|isbn=978-1-5386-4353-2|s2cid=4662297}}
- {{cite book |doi=10.1007/978-3-319-20550-2_8|chapter=Fine-Grained Control-Flow Integrity Through Binary Hardening|title=Detection of Intrusions and Malware, and Vulnerability Assessment|series=Lecture Notes in Computer Science|year=2015|last1=Payer|first1=Mathias|last2=Barresi|first2=Antonio|last3=Gross|first3=Thomas R.|volume=9148|pages=144–164|isbn=978-3-319-20549-6}}
- {{cite book |doi=10.1007/978-3-319-30806-7_9|chapter=HexPADS: A Platform to Detect "Stealth" Attacks|title=Engineering Secure Software and Systems|series=Lecture Notes in Computer Science|year=2016|last1=Payer|first1=Mathias|volume=9639|pages=138–154|isbn=978-3-319-30805-0}}
- {{cite book |doi=10.1109/EuroSP.2016.24|chapter=Fine-Grained Control-Flow Integrity for Kernel Software|title=2016 IEEE European Symposium on Security and Privacy (EuroS&P)|year=2016|last1=Ge|first1=Xinyang|last2=Talele|first2=Nirupama|last3=Payer|first3=Mathias|last4=Jaeger|first4=Trent|pages=179–194|isbn=978-1-5090-1751-5|s2cid=1407691}}
References
{{reflist}}
External links
- {{Google Scholar id|id=9cFCY5wAAAAJ}}
- Website of the [https://hexhive.epfl.ch/ HexHive Group]
{{Authority control}}
{{DEFAULTSORT:Payer, Mathias}}
Category:University of California, Berkeley alumni
Category:Academic staff of the École Polytechnique Fédérale de Lausanne