Professor David Oswald

Professor David Oswald

School of Computer Science
Professor in Computer Security
Head of Research of Computer Science

Contact details

Email
d.f.oswald@bham.ac.uk
View my research portal
Address
School of Computer Science
University of Birmingham
Edgbaston
Birmingham
B15 2TT
UK

David Oswald is a Full Professor in the Centre for Cyber Security and Privacy at the University of Birmingham, UK. His main field of research is the security of embedded systems and trusted execution. On the one hand, the focus is on attack methods that exploit weaknesses in the physical implementation of mathematically secure cryptographic algorithms. Those techniques include both (passive) side-channel analysis and (active) fault injection, as well as reverse engineering.

On the other hand, David is working on the practical realization of security systems in embedded applications. His research on vulnerabilities of various wide-spread systems (e.g. DESFire RFID smartcards, VW/Hitag2 RKE systems, and Intel SGX) has created awareness for the crucial importance of security among developers of embedded devices.

For more information please visit David's Computer Science profile

Qualifications

  • PhD (“Dr.-Ing.”) in IT Security (Ruhr-University Bochum) 2013
  • Combined MSc/BSc in IT Security (“Dipl.-Ing.”) 2009

Postgraduate supervision

  • Murdock, main supervisor, since 2018: FaultFinder: From Faulty Output to Fault Model --- An Automated Approach

  • Pemberton, main supervisor, since 2018: BioLeak: Side-Channel Analysis of Fingerprint Matching Algorithms

  • Aldoseri, main supervisor since 2018: Security of TEEs

  • Zhang, main supervisor since 2019: Next-generation security protocols for medical devices

  • Spielman, main supervisor since 2021: SCAvenger - Attacking Machine Learning with Side Channel Attacks
  • Jacqueline, main supervisor since 2021: Capability architectures: attacks and defenses

Research

  • Embedded system security

  • IoT, RFID and wireless communication

  • Real-world implementation attacks

  • Side-channel analysis

  • Trusted Execution Environments

Publications

Recent publications

Article

Chen, Z & Oswald, D 2023, 'PMFault: Faulting and Bricking Server CPUs through Management Interfaces: Or: A Modern Example of Halt and Catch Fire', IACR Transactions on Cryptographic Hardware and Embedded Systems, vol. 2023, no. 2, pp. 1-23. https://doi.org/10.46586/tches.v2023.i2.1-23

Alder, F, Van Bulck, J, Spielman, J, Oswald, D & Piessens, F 2022, 'Faulty point unit: ABI poisoning attacks on trusted execution environments', Digital Threats: Research and Practice, vol. 3, no. 2, 13, pp. 1-26. https://doi.org/10.1145/3491264

Xu, Z, Pemberton, OM, Roy, SS, Oswald, D, Yao, W & Zheng, Z 2021, 'Magnifying side-channel leakage of lattice-based cryptosystems with chosen ciphertexts: the case study of Kyber', IEEE Transactions on Computers. https://doi.org/10.1109/TC.2021.3122997

Van Den Herrewegen, J, Oswald, D, Garcia, F & Temeiza, Q 2020, 'Fill your Boots: Enhanced Embedded Bootloader Exploits via Fault Injection and Binary Analysis', IACR Transactions on Cryptographic Hardware and Embedded Systems, vol. 2021, no. 1. https://doi.org/10.46586/tches.v2021.i1.56-81

Murdock, K, Oswald, D, Garcia, F, Van Bulck, J, Gruss, D & Piessens, F 2020, 'Plundervolt: How a Little Bit of Undervolting Can Create a Lot of Trouble', IEEE Security & Privacy Magazine, vol. 18, no. 5, 9104908, pp. 28-37. https://doi.org/10.1109/MSEC.2020.2990495

Conference contribution

Pemberton, O & Oswald, D 2023, BioLeak: Exploiting Cache Timing to Recover Fingerprint Minutiae Coordinates. in Proceedings of the 2023 Workshop on Attacks and Solutions in Hardware Security (ASHES ’23). Association for Computing Machinery (ACM). https://doi.org/10.1145/3605769.3623994

Van Strydonck , T, Noorman , J, Jackson, J, Dias, L, Vanderstraeten , R, Oswald, D, Piessens, F & Devriese , D 2023, CHERI-TrEE: Flexible enclaves on capability machines. in EuroS&P - 8th IEEE European Symposium on Security and Privacy. IEEE European Symposium on Security and Privacy, IEEE, pp. 1143-1159, 8th IEEE European Symposium on Security and Privacy, Delft, Netherlands, 3/07/23. https://doi.org/10.1109/EuroSP57164.2023.00070.

Xu, Z, Pemberton, O, Oswald, D & Zheng, Z 2023, Reveal the invisible secret: chosen-ciphertext side-channel attacks on NTRU. in International Conference on Smart Card Research and Advanced Applications: CARDIS 2022: Smart Card Research and Advanced Applications. Lecture Notes in Computer Science, vol. 13820, Springer, pp. 227–247, 21st Smart Card Research and Advanced Application Conference, Birmingham, United Kingdom, 7/11/22. https://doi.org/10.1007/978-3-031-25319-5_12

Aldoseri, A, Chothia, T, Moreira-Sanchez, J & Oswald, D 2023, Symbolic Modelling of Remote Attestation Protocols for Device and App Integrity on Android. in J Liu, Y Xiang, S Nepal & G Tsudik (eds), ASIA CCS '23: Proceedings of the 2023 ACM on Asia Conference on Computer and Communications Security. Association for Computing Machinery (ACM), pp. 218–231, 18th ACM ASIA Conference on Computer and Communications Security , Melbourne, Victoria, Australia, 10/07/23. https://doi.org/10.1145/3579856.3582812

Aldoseri, A, Oswald, D & Chiper, R 2022, A tale of four gates: privilege escalation and permission bypasses on android through app components. in V Atluri, R Di Pietro, CD Jensen & W Meng (eds), Computer Security – ESORICS 2022: 27th European Symposium on Research in Computer Security, Copenhagen, Denmark, September 26–30, 2022, Proceedings, Part II. 1 edn, Lecture Notes in Computer Science, vol. 13555, Springer, pp. 233–251. https://doi.org/10.1007/978-3-031-17146-8_12

Zhang, M, Marin, E, Oswald, D & Singelée, D 2022, FuzzyKey: comparing fuzzy cryptographic primitives on resource-constrained devices. in V Grosso & T Pöppelmann (eds), Smart Card Research and Advanced Applications - 20th International Conference, CARDIS 2021, Revised Selected Papers: 20th International Conference, CARDIS 2021, Lübeck, Germany, November 11–12, 2021, Revised Selected Papers. Lecture Notes in Computer Science, vol. 13173, Springer Verlag, pp. 289-309, 20th Smart Card Research and Advanced Application Conference, Lübeck, Germany, 11/11/21. https://doi.org/10.1007/978-3-030-97348-3_16

Aldoseri, A & Oswald, D 2022, insecure://: Vulnerability analysis of URI scheme handling in Android mobile browsers. in Proceedings of MADWeb 2022: Workshop on Measurements, Attacks, and Defenses for the Web. Proceedings of the Workshop on Measurements, Attacks, and Defenses for the Web (MADWeb), The Internet Society, Workshop on Measurements, Attacks, and Defenses for the Web (MADWeb) 2022
, 28/04/22. https://doi.org/10.14722/madweb.2022.23003

Lipp, M, Kogler, A, Oswald, D, Schwarz, M, Easdon, C, Canella, C & Gruss, D 2021, PLATYPUS: software-based power side-channel attacks on x86. in 2021 IEEE Symposium on Security and Privacy (SP). Proceedings of the IEEE Symposium on Security and Privacy, IEEE Computer Society Press, pp. 355-371, 42nd IEEE Symposium on Security and Privacy (IEEE S&P 2021), virtual event, 24/05/21. https://doi.org/10.1109/SP40001.2021.00063.

Alder, F, Van Bulck, J, Oswald, D & Piessens, F 2020, Faulty Point Unit: ABI Poisoning Attacks on Intel SGX. in ACSAC '20: Annual Computer Security Applications Conference 2020., 3427270, Association for Computing Machinery (ACM), pp. 415-427, ACSAC '20: Computer Security Applications Conference 2020, virtual event, 7/12/20. https://doi.org/10.1145/3427228.3427270

Murdock, K, Oswald, D, Garcia, F, Van Bulck, J, Gruss, D & Piessens, F 2020, Plundervolt: software-based fault injection attacks against Intel SGX. in 2020 IEEE Symposium on Security and Privacy (SP)., 9152636, IEEE Symposium on Security and Privacy, IEEE Computer Society Press, pp. 1466-1482, 41st IEEE Symposium on Security and Privacy, San Francisco, United States, 17/05/20. https://doi.org/10.1109/SP40000.2020.00057

View all publications in research portal