
Christian Rossow (@[email protected])
@chrossow
Faculty at CISPA - Helmholtz Center for Information Security
Germany
Joined May 2010
My research group @CISPA is hiring PhD students and PostDocs! Are you interested in network/software/system security? You'd start in an excellent research environment and enjoy complete academic freedom at ~52-61k EUR annual salary. Details: -- please RT.
RT @ACSAC_Conf: 📣 The program for #ACSAC2024 is now online in its full glory: Once you have seen all the interesti…
RT @veelasha_m: Manuel Egele and I look forward to your submissions 🥳. #DIMVA25 will have two deadlines: 04 Dec 2024 & 12 Feb 2025. #DIMVA i…
RT @IEEEEUROSP: We have just published the CfP of EuroS&P 2025! Check out and get your papers registered by October…
In 00SEVen, remote analysts can connect to the VM, remotely attest the forensic agent, and then perform libVMI-compatible forensic tasks such as memory & register inspection, or setting traps. Don't miss @fa_schwarz' talk @USENIXSecurity on Wed, 4:30pm, "Forensics" track. 3/3.
Hypervisors can't see the memory content of confidential (AMD SEV) VMs. This undermines memory forensics and its rootkit detection. @fa_schwarz will present 00SEVen at #usesec24, which re-enables forensics in confidential VMs *without* revealing memory to the cloud provider. 1/x
Don't miss @ypannap's #usesec24 talk on discovering loop #DoS vulnerabilities in network services! 2nd talk in Session I (Track: DDoS) on Wednesday. Great collaboration with Anna Ascheman, who did large chunks of this work during her @CISPA internship.
We @CISPA discovered that attackers could trigger infinite message loops at the application layer between servers of popular protocols such as DNS, FTP, or NTP. To trigger such an infinite loop, attackers just have to send a single (!) IP-spoofed trigger message. 1/4
RT @misc0110: With the #GhostWrite CPU vulnerability, all isolation boundaries are broken - sandbox/container/VM can't prevent GhostWrite f…
RT @mlsec: Today, Felix is presenting our SoK paper on target selection for directed fuzzing at @ASIACCS2024. We analyzed 9 common selectio…
RT @kcotsneb: This is your reminder that we still solicit (self-)nominations for the 2025 EuroS&P PC. If you have published at top security…
Full support. Diversifying the conference locations raises fairness in *many* respects. Thanks for the visualization and comparison.
Some top tier conferences have a heavy geographical bias. Software engineering leads in diversity while security mostly sticks to the US. We need to start moving! @NDSSSymposium @IEEESSP @USENIXSecurity live map:
Our talk will be Wed (May 22) afternoon (Track 1 / Session 12). Looking forward to your comments! Also, come and see our poster. Alas, @ypannap (PhD candidate in my group and main author) faced visa issues 😐 Paper preview: (4/4).
Traveling to #IEEESP2024 to present @ypannap's paper on TCP spoofing. Our @CISPA work shows how attackers can leverage IP-spoofed TCP connections to evade network-based access control (e.g., in firewalls, DBs, or SPF). We present two core ideas: (1/4)
RT @carmelatroncoso: Statement, signed by 250+ researchers, warning that the modifications of the Regulation to detect CSAM proposed by the…
RT @tgianko: Lujo (@lujobauer) and I are seeking nominations for service on the program committee for @USENIXSecurity '25. You may nominate…
Why should a potentially backdoored library like xz be able to invoke any system command? **It shouldn't.** That's why we @CISPA built a library isolation system "Cali" that allows fine-grained per-lib privileges: (@MarkusBauer_mkb kudos). Start using it!
As wary as I am about tweeting anything, my hot take on xz is that first class isolation/capabilities support for deps is a much better solution than sbom; supply chain regulations; upgrading or not upgrading your deps; static analysis; dynamic analysis or whatever.