Découvrez les finalistes des compétitions CSAW !

Découvrez les finalistes des 4 compétitions CSAW'23 !

Publié le 27 octobre 2023

Applied Research

In the Applied Research Competition, student researchers are invited to compete for the CSAW Best Paper Award. Eligible submissions include papers published between September 1, 2021 and August 31, 2022, on any topic related to the application of security technology, or the implementation of security systems

Matthew Rossi, Università degli studi di Bergamo, Italy
NatiSand: Native Code Sandboxing for JavaScript Runtimes
Ladisa Piergorgio, SAP Security Research & Université de Rennes 1, France,
SoK: Taxonomy of Attacks on Open-Source Software Supply Chains
Christian Niesler & Jan Thomas, University of Duisburg-Essen & Ruhr University Bochum, Germany,
ClepsydraCache -- Preventing Cache Attacks with Time-Based Evictions
Andrea Floraldi, Eurecom, France;
LibAFL: A Framework to Build Modular and Reusable Fuzzers
Soheil Khodayari, CISPA Helmholtz Center for Information Security, Germany,
It's (DOM) Clobbering Time: Attack Techniques, Prevalence, and Defenses
Lukas Gerlach, CISPA Helmholtz Center for Information Security, Germany,
A Security RISC: Microarchitectural Attacks on Hardware RISC-V CPUs
Tobias Cloosters, University of Duisburg-Essen, Germany,
RiscyROP: Automated Return-Oriented Programming Attacks on RISC-V and ARM64
Mikhail Shcherbakov, KTH Royal Institute of Technology, Sweden,
Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js
Rognar Marton, KU Leuven, Belgium,
ShowTime: Amplifying Arbitrary CPU Timing Side Channels
Wai Man Si, CISPA Helmholtz Center for Information Security,Germany,
Why So Toxic? Measuring and Triggering Toxic Behavior in Open-Domain Chatbot

Capture The Flag

Students tackle problems in a series of real-world scenarios modeling various computer security problems.
To succeed, teams must demonstrate a profound understanding of the roles and ramifications of cyber security in these situations. Because the challenges are designed to teach, CTF requires contestants to integrate concepts, develop skills, and learn to hack as they go.

Scooby-NTUA : ECE National Technical University of Athens, Greece, :
Thanasis Konstantopoulos, Apostolos Chatzianagnostou, Spyridon Michail Evangelou, Chronis Sapountzakis
Srdnlen : Università degli Studi di Cagliari, Italy,
Riccardo Sulis, Simone Sulis,Lorenzo Siriu, Massimo Sanna
Rubi di cubrik : University of Milano-Bicocca, Universita degli studi di Padova, University of Camerino Italy
Stefano Pavesi, Alessandro Zanier, Michele Perini, Vincenzo Petrillo
STT : Instituto Superior Tecnico Lisboa, Portugal
Nuno Sabino Afonso Santos Bruno Mendes André Mendes
Radboud Institute of Pwining : Radboud University, Netherland
WardTheunisse, BarisAstik, HarmRoukema, Rick de Jager
CyberHero : University of Nis (Faculty of Electronic Engineering), Faculty of Computing, Union university School of Electrical Engineering, University of Belgrade Serbia, Faculty of Technical Sciences, University of Novi Sad
Lazar Mancic, Mihajlo Krsmanovic Aleksa Vuckovic Marko Gordic
/mnt /ain : EPFL, ETH Zurich, HSLU
Philippe Dourassov, Aaron Hodel Yoric Züger Luc Fisch
Phreaks 2600 : Ecole 2600, France
Mohammed Benhelli, Dimitri Carlier, Esteban Tonglet, Lucas Valentin
TRX : Sapienza university of Rome, Italy
Dario Petrillo, Christian Contignola, Tommaso de Nicola, Leandro Antonio Pagano
R0073RS : Coventry University, UK
Alexander Smith, Hedvig Mareng, Haydon Smith, Arsen Chilingaryan
BelRedDaemons : Howest, Ecole 2600, KU Leuven, France, Belgium
Arsen Chilingaryan, Brahim El Fikhi Thomas Vandeputte
Polyflag : EPFL, Karlsruhe Institute of Technology, ETH Zurich, Sweden
Liam Wachter, Joshua Bernimoulin, Léo Larigauderie, Adam Amanbaev
DragonSec SI : University of Ljubljana, Slovenia,
Aljaž Medič Jure Mihelčič Žnidaršič Miha Frangež Jure Pustoslemšek
LosFuzzys : Graz University of Technology, Austria
Yuma Buchrieser, Hannes Weissteiner, Sebastian Daniel Felix, Marcell Matthias Haritopoulos
CheriPI, University of Cambridge, England
Zhongqi Zhao, Yi Chen Chai, Harry Chen, Zeyu Zhang

Embedded Security Challenge

ESC is an educational, research-oriented tournament aimed at hacking into the hardware of embedded systems. First run in 2008, it is the oldest hardware security competition in the world, 2023 represents ESC's 16-year anniversary.This year's ESC focuses on side channel attacks (SCA) on cyber-physical systems (CPS). Cyber-physical systems are used by hundreds of industries and in many critical infrastructure systems. If these CPSs are not properly setup they can leak information even if they are using cryptographically secure software. This year, teams will investigate a range of SCAs on an Arduino Uno based CPS running several firmware that expose various side channels.

Hackcess, IUT de Roanne, France Boye Mouhamed, Foulie Aymeric, Malosse Tom ; Dufour Theo

BitsFromBZH : Université Bretagne Sud, France : Adam Henault, Florian Lecocq, Axel Gouriou, Philippe Tanguy

Towpath Inspectors UNLTD, University of Birmighan, UK : Matthew Bowden Martin Thompson Jacqueline Henes Jesse Spielman

Breiz’Hell : ENSIBS, France : Théo Riviere, Léo Chaigneau, Oken Keten, Rémi Bouillet

BloCAj, IUT GEII Saint Etienne, France, Amine Alia, Charlie Durand, Jules Fellouse, Jean Loup Jouve

Th30s University of Piraeus : University of Piraeus, Greece, Spyridon Konstantinos Mokos, Fiotakis Ilias, Mamidakis Georgios, Meletios Michail

TheRomanXpl0it, Sapienza Università di Roma, Italy : Leonardo Danella, Tiziano, Caruana, Krisjan Tarantelli, Francesco Bianchi

Red Team Competition

The Red Team Competition is developed for high school students, with the aim of encouraging young people to choose cybersecurity careers. This competition is open to all high school students in metropolitan France, whether they are beginners or have some experience with cybersecurity issues. This year, the Red Team competition is co-created by Grenoble INP – Esisar, UGA in partnership with Root-Me, a platform for learning computer security and hacking. Teams of 1 to 3 students from the same school are invited to participate in online qualification challenges

S3cur3D : Notre Dame les Oiseaux Verneuil Sur Seine
Ret C2lhu : Jean Macé Rennes
Neptune.sh : Lycée sud Medoc, Saint Medard en Jalles
St-Barth’s 2 valence : Saint Barthélémy, Nice
Libs<2.27 for the win : Lycée Charlemagne, Paris
Frobnitz : Lycée Louis Pergaud, Besançon
Joshua et Ethan : Lycée Gustave Eifel, Bordeaux
Hardware : Lycée Gustave Eifel, Bordeaux
Hunter : The matrix REBOOT : Lycée général et technologique les trois soucrces, Bourg les valence
#bin/bash : Saint Denis, Annonay

PUF-enabled Security Challenge

PSC gives students the opportunity to present innovative PUF-based security solutions to a panel of security experts.
The PUF-based security feature to be presented can address any threats of a modern IoT system from low level hardware attacks to system level attacks (hardware attacks detection, key distribution, support to secure computing ….)
The contest is organized in two steps with a qualification phasis and an on-site final during CSAW 2023.

The Agents of P.U.F, University of Sheffield, UK
Realising Symbiotic Security through Software/Firmware/PUF Co-Design
IMSE-CNM, University of Seville, Spain
The use of Physical Unclonable Functions (PUFs) for the purpose of linking physical assets with Non-Fungible Tokens (NFTs)
ArcadesLab, Università degli Studi di Napoli Federico II, Italy
A group-key management protocol based on PUF
GDE, University of Zaragoza
A new PUF based on sensors for the identification of IoT smart mobile devices
Comelec, Institut Mines Télécom - Telecom Paris
Security Of Physically Unclonable Functions Against Modeling Attacks,
ByteDefenders : Grenoble INP - Esisar, UGA France
PUF-TLS

Mise à jour - 31/10/2023