Head of Mobile Services Group. Cyber-Physical Security Systems, Fraunhofer Institute for Secure Information Technology,

Transcription

1 Alexandra Dmitrienko Curriculum Vitae (last updated in June, 2015) Gender Nationality Location Personal Data female Russian Darmstadt, Germany Phone +49 (6151) / /2015 Education Dr.-Ing. (Ph.D. in Security in Information Technology) with distinction, Department of Computer Sciences, Technische Universität Darmstadt, Germany, Dissertation: Security and Privacy Aspects of Mobile Platforms and Applications. Advisors: Prof. Dr. Michael Waidner (Technische Universität Darmstadt) and Prof. Dr. Srdjan Čapkun (ETH Zurich) M. Sc. of Engineering and Technology with distinction, GPA 5.0(5.0). Department of Computer Sciences, St. Petersburg State Polytechnic University, Russia B. Sc. of Engineering and Technology with distinction, GPA 4.85(5.0). Department of Computer Sciences, St. Petersburg State Polytechnic University, Russia 01/2015 now 01/ / / / / /2009 Working Experience Head of Mobile Services Group. Cyber-Physical Security Systems, Fraunhofer Institute for Secure Information Technology, Darmstadt, Germany Research Assistant. Trust and Compliance, Fraunhofer Institute for Secure Information Technology, Darmstadt, Germany Research Assistant. Cyber-Physical Mobile Systems Security, Fraunhofer Institute for Secure Information Technology, Darmstadt, Germany Research Assistant. System Security Lab, Ruhr-University Bochum, Germany +49 (6151) /7

2 Branch Manager. Department of Wireless Technologies, EFO Ltd, St. Petersburg, Russia Field Application Engineer. Technical Support Department, EFO Ltd, St. Petersburg, Russia Selected Projects SMAC: Smartphone-based access control for automotive applications (with Robert Bosch GmbH as an industrial partner) - project lead Fraunhofer SIT Project Key2Share ( - project lead Industrial project with Nokia Integrated Privacy-Preserving On-board Credentials (ipoc) BSI Project Trusted Embedded Secure Operating System (TeSOS) FP6 EU Project Open Trusted Computing ( Languages Russian English German native fluent intermediate (B2 level) Fields of Competence Trusted Computing technology (TPMs, MTMs, secure boot, remote attestation, etc.) Wireless sensor networks (secure routing, software attestation, ZigBee networks) Runtime attacks for x86 and ARM (new attack methods, exploit development) Operating system security (system-level services for L4-based microkernels, security extensions for mobile operating systems) Applied cryptography (protocol design) Hardware based system security (secure elements, processor-based extensions) Authentication security (password-based, token-based, 2-factor authentication) Access control systems (based on RFID cards and smartphones) Digital payments (mobile payments, Bitcoin) Mobile ticketing services Skills in Software Development System-level development (C, C++, Assembler for x86 and ARM) Embedded systems / microcontrollers / ARM (C, C++) Application development for Android (Java) SVN/GIT (development in teams) Lead of development projects +49 (6151) alexandra.dmitrienko@googl .com 2/7

3 Nov, 2014 Sep, 2014 Jul, 2014 Industrial Trainings Führungsplanspiel Avalon. Leadership training by Bosch, Pforzheim, Germany Intercultural awareness training by SAP, Walldorf, Germany Creativity & innovation. Training by DATEV, Nürnberg, Germany Jun, 2014 Grundlagen der Szenarioplanung. Training by Robert Bosch GmbH, Stuttgart, Germany May, 2014 Mar, 2014 Nov, 2013 Sep, 2007 Nov, 2007 Jan, 2006 Leistungsstarke Teams bilden & führen. Training on social and self-competence by Holtzbrinck Publishing Group, Stuttgart, Germany Business meets technology: Geschäftsverständnis für Software Experten. Business training by Siemens AG, Berlin, Germany Ideation and business planning. Training by EIT ICT Labs, Berlin, Germany IEEE Atmel system training, Dresden, Germany New hardware TCP/IP chip W3150+, Chip-based modules and development kits, WIZnet technical training, Munich, Germany Hardware TCP/IP chips for embedded systems, WIZnet Technical Training, Soul, South Korea Honors, Awards and Scholarships Fraunhofer TALENTA Speed Up funding for support of female researchers in career development. Host institution: Fraunhofer SIT, Darmstadt, Germany Software Campus Program for support of young IT experts. Academic partner: Fraunhofer SIT, Darmstadt, Germany. Industrial partner: Robert Bosch GmbH, Schwieberdingen, Germany Intel Doctoral Student Honor Award. Host institution: Fraunhofer SIT, Darmstadt, Germany 04/ /2011 Research/study award. ERASMUS Mundus Co-operation Window Programme for PhD candidates. Host institution: Ruhr-Universität Bochum, Germany Scholarship for exchange students from Kiel city (Stipendium der Stadt Kiel). Host institution: Kiel University of Applied Sciences, Germany List of Publications Books [B1] N. Asokan, Lucas Davi, Alexandra Dmitrienko, Stephan Heuser, Kari Kostiainen, Elena Reshetova, and Ahmad-Reza Sadeghi. Mobile Platform Security, volume 4 of Synthesis Lectures on Information Security, Privacy, and Trust. Morgan & Claypool, December PhD Thesis [S1] Alexandra Dmitrienko. Security and Privacy Aspects of Mobile Platforms and Applications. PhD thesis, TU Darmstadt, April tu-darmstadt.de/4611/. +49 (6151) alexandra.dmitrienko@googl .com 3/7

4 Conferences and Workshops with Proceedings [C1] Alexandra Dmitrienko, Stephan Heuser, Thien Duc Nguyen, Marcos da Silva Ramos, Andre Rein, and Ahmad-Reza Sadeghi. Market-driven code provisioning to mobile secure hardware. In Financial Cryptography and Data Security, January [C2] Christoph Busold, Alexandra Dmitrienko, and Christian Wachsmann. Key2Share for authentication services. In SmartCard Workshop, February [C3] Alexandra Dmitrienko, David Noack, Ahmad-Reza Sadeghi, and Moti Yung. On offline payments with Bitcoin. Invited paper. In Workshop on Bitcoin Research, March [C4] Alexandra Dmitrienko, Christopher Liebchen, Christian Rossow, and Ahmad-Reza Sadeghi. On the (in)security of mobile two-factor authentication. In Financial Cryptography and Data Security Conference, March [C5] Marcin Nagy, Emiliano De Cristofaro, Alexandra Dmitrienko, N. Asokan, and Ahmad-Reza Sadeghi. Do I know you? - Efficient and privacy-preserving common friend-finder protocols and applications. In Annual Computer Security Applications Conference, December [C6] N. Asokan, Alexandra Dmitrienko, Marcin Nagy, Elena Reshetova, Ahmad-Reza Sadeghi, Thomas Schneider, and Stanislaus Stelle. CrowdShare: Secure mobile resource sharing. In International Conference on Applied Cryptography and Network Security, June [C7] Kevin Z. Snow, Lucas Davi, Alexandra Dmitrienko, Christopher Liebchen, Fabian Monrose, and Ahmad-Reza Sadeghi. Just-in-time code reuse: On the effectiveness of fine-grained address space layout randomization. In IEEE Symposium on Security and Privacy, May [C8] Lucas Davi, Alexandra Dmitrienko, Stefan Nürnberger, and Ahmad-Reza Sadeghi. Gadge me if you can - secure and efficient ad-hoc instruction-level randomization for x86 and ARM. In ACM Symposium on Information, Computer and Communications Security, May [C9] Christoph Busold, Alexandra Dmitrienko, Hervé Seudié, Ahmed Taha, Majid Sobhani, Christian Wachsmann, and Ahmad-Reza Sadeghi. Smart keys for cyber-cars: Secure smartphone-based NFC-enabled car immobilizer. In ACM Conference on Data and Application Security and Privacy, February [C10] Lucas Davi, Alexandra Dmitrienko, Stefan Nürnberger, and Ahmad-Reza Sadeghi. XIFER: A software diversity tool against code-reuse attacks. In ACM International Workshop on Wireless of the Students, by the Students, for the Students, August [C11] Alexandra Dmitrienko, Ahmad-Reza Sadeghi, Sandeep Tamrakar, and Christian Wachsmann. SmartTokens: Delegable access control with NFC-enabled smartphones. In International Conference on Trust and Trustworthy Computing. Springer, June (6151) alexandra.dmitrienko@googl .com 4/7

5 [C12] Lucas Davi, Alexandra Dmitrienko, Manuel Egele, Thomas Fischer, Thorsten Holz, Ralf Hund, Stefan Nürnberger, and Ahmad-Reza Sadeghi. MoCFI: A framework to mitigate control-flow attacks on smartphones. In Network and Distributed System Security Symposium, February [C13] Sven Bugiel, Lucas Davi, Alexandra Dmitrienko, Thomas Fischer, Ahmad-Reza Sadeghi, and Bhargava Shastry. Towards taming privilege-escalation attacks on Android. In Network and Distributed System Security Symposium, February [C14] Lucas Davi, Alexandra Dmitrienko, Christoph Kowalski, and Marcel Winandy. Trusted virtual domains on OKL4: Secure information sharing on smartphones. In ACM Workshop on Scalable Trusted Computing. ACM Press, October [C15] Sven Bugiel, Lucas Davi, Alexandra Dmitrienko, Stephan Heuser, Ahmad-Reza Sadeghi, and Bhargava Shastry. Practical and lightweight domain isolation on Android. In ACM Workshop on Security and Privacy in Mobile Devices. ACM Press, October [C16] Alexandra Dmitrienko, Zecir Hadzic, Hans Löhr, Ahmad-Reza Sadeghi, and Marcel Winandy. A security architecture for accessing health records on mobile phones. In International Conference on Health Informatics, October [C17] Alexandra Dmitrienko, Zecir Hadzic, Hans Löhr, Ahmad-Reza Sadeghi, and Marcel Winandy. Securing the access to electronic health records on mobile phones. In Biomedical Engineering Systems and Technologies Revised Selected Papers. Springer-Verlag, [C18] Sven Bugiel, Alexandra Dmitrienko, Kari Kostiainen, Ahmad-Reza Sadeghi, and Marcel Winandy. TruWalletM: Secure web authentication on mobile platforms. In International Conference on Trusted Systems, December [C19] Lucas Davi, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, and Marcel Winandy. Privilege escalation attacks on Android. In Information Security Conference, October [C20] Stephen Checkoway, Lucas Davi, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, Hovav Shacham, and Marcel Winandy. Return-oriented programming without returns. In ACM Conference on Computer and Communications Security, October [C21] Kari Kostiainen, Alexandra Dmitrienko, Jan-Erik Ekberg, Ahmad-Reza Sadeghi, and N. Asokan. Key attestation from trusted execution environments. In International Conference on Trust and Trustworthy Computing, June [C22] Luigi Catuogno, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, Steffen Schulz, Marcel Winandy, Jing Zhan, Konrad Eriksson, Dirk Kuhlmann, Gianluca Ramunno, and Matthias Schunter. Trusted virtual domains - design, implementation and lessons learned. In International Conference on Trusted Systems, December (6151) alexandra.dmitrienko@googl .com 5/7

6 Workshops without Proceedings [W1] Lucas Davi, Alexandra Dmitrienko, Manuel Egele, Thomas Fischer, Thorsten Holz, Ralf Hund, Stefan Nürnberger, and Ahmad-Reza Sadeghi. CFI goes mobile: Control-flow integrity for smartphones. In International Workshop on Trustworthy Embedded Devices. September Extended Abstract. [W2] Alexandra Dmitrienko. Zigbee-to-TCP/IP gateway: New opportunities for ZigBeebased sensor networks. In International Workshop on Ambient Intelligence and Embedded Systems, September Technical Reports and White Papers [T1] Alexandra Dmitrienko, Christopher Liebchen, Christian Rossow, and Ahmad-Reza Sadeghi. On the (in)security of mobile two-factor authentication. Technical Report TUD-CS , CASED, [T2] Kevin Z. Snow, Lucas Davi, Alexandra Dmitrienko, Christopher Liebchen, Fabian Monrose, and Ahmad-Reza Sadeghi. Just-in-time code reuse: the more things change, the more they stay the same. In BlackHat USA, August [T3] N. Asokan, Alexandra Dmitrienko, Marcin Nagy, Elena Reshetova, Ahmad-Reza Sadeghi, Thomas Schneider, and Stanislaus Stelle. CrowdShare: secure mobile resource sharing. Technical Report TUD-CS , TU Darmstadt, April [T4] Lucas Davi, Alexandra Dmitrienko, Christopher Liebchen, and Ahmad-Reza Sadeghi. Over-the-air cross-platform infection for breaking mtan-based online banking authentication (white paper). In BlackHat Abu Dhabi, December [T5] Sven Bugiel, Lucas Davi, Alexandra Dmitrienko, Thomas Fischer, and Ahmad-Reza Sadeghi. XManDroid: A new Android evolution to mitigate privilege escalation attacks. Technical Report TR , Ruhr-University Bochum, System Security Lab, April [T6] Ahmad-Reza Sadeghi, Steffen Schulz, Alexandra Dmitrienko, Christian Stüble, Dennis Gessner, and Markus Ullmann. Trusted embedded system operating system (TeSOS) - study and design. Technical Report HGI-TR , Ruhr-University Bochum, System Security Lab, April Posters [P1] Alexandra Dmitrienko, David Noack, Ahmad-Reza Sadeghi, and Moti Yung. POSTER. Bitcoin2Go: secure offline and fast payments with Bitcoins. In Financial Cryptography and Data Security Conference, March [P2] Christoph Busold, Alexandra Dmitrienko, Hervé Seudié, Ahmed Taha, Majid Sobhani, Christian Wachsmann, and Ahmad-Reza Sadeghi. POSTER: Secure smartphonebased NFC-enabled car immobilizer. In ACM Conference on Data and Application Security and Privacy, February [P3] Sven Bugiel, Lucas Davi, Alexandra Dmitrienko, Thomas Fischer, Ahmad-Reza Sadeghi, and Bhargava Shastry. POSTER: The quest for security against privilege escalation attacks on Android. In ACM Conference on Computer and Communications Security. ACM, October (6151) alexandra.dmitrienko@googl .com 6/7

7 [P4] Lucas Davi, Alexandra Dmitrienko, Manuel Egele, Thomas Fischer, Thorsten Holz, Ralf Hund, Stefan Nürnberger, and Ahmad-Reza Sadeghi. POSTER: Control-flow integrity for smartphones. In ACM Conference on Computer and Communications Security. ACM, October Industrial Journals [J1] Alexandra Dmitrienko, Christopher Liebchen, Christian Rossow, and Ahmad-Reza Sadeghi. Security analysis of mobile two-factor authentication schemes. Intel Technology Journal, ITJ66 Identity, Biometrics, and Authentication Edition, 18, [J2] Alexandra Dmitrienko. Wiznet W3150A network co-processor: New features for embedded devices. Components and Technologies, 12(7), [J3] Alexandra Dmitrienko and Alexey Naumov. Passive infrared detectors Sencera: New name at the market. Electronic Components, 12(11), [J4] Alexandra Dmitrienko. TDK components for electromagnetic compatibility. Electronic Components, 12(4), [J5] Alexandra Dmitrienko and Igor Krivchenko. Humidity sensors Sencera. Electronic Components, 12(8), [J6] Alexandra Dmitrienko and Igor Krivchenko. Sensors and detectors Sencera. Components and Technologies, 12(8), (6151) /7