I am a Principal Research Scientist co-leading the AI for Cyberdefence (AICD) Research Center at the Alan Turing Institute in London, UK.


My research sits at the intersection of Systems Security and Machine Learning, covering topics such as autonomous network defence and AI Cyber Risks. You can find my recent publications (see Publications and Scholar) for relevant papers and preprints in this domain. I have recently led the release of our AI Cyber Risk Benchmark on automated vulnerability detection as well as the cyber offense section in the International Scientific Report on the Safety of Advanced AI (Interim Report) alongside Yoshua Bengio and other distinguished experts (final version out soon!).

My research has been published in top-tier academic venues such as NeurIPS, the ACM Conference on Computer and Communications Security (CCS), the Privacy Enhancing Technologies Symposium (PETs), and the Network & Distributed System Security Symposium (NDSS). I also enjoy presenting at practitioner-focused events such as BlackHat US/EU, Defcon, and the Chaos Communication Congress. I have been honored to appear in the 10-of-200 young researchers' list by the Heidelberg Laureate Forum.

Apart from my main research area, I have contributed to various other initiatives. Snappy is a fast-payment solution for slow permissionless blockchains, paving the way to preconfs which are now taking off. Myst is a high-assurance cryptographic hardware prototype that was the first trojan-resilient system matching the performance of conventional hardware security modules (CSAW 2018 Competition Finalist). My work on ultrasound tracking received broad media attention and is considered seminal in this field. In collaboration with Petr Svenda, we released the first open-source cryptographic library for JavaCards enabling developers to break free from manufacturer lock-ins. I have also published numerous studies examining market fairness and manipulation from a security perspective..

Vasilios Mavroudis

vmavroudis at turing.ac.uk
Defence and Security programme
Alan Turing Institute
96 Euston Rd
London NW1 2DB
United Kingdom

Recent News

December 2019: Our paper on fast decentralized on-chain payments was accepted at NDSS 2020 and is a finalist for the Spark Award! August 2019: Our paper on neural net-based side-channel attacks was accepted at IACR Asiacrypt 2019! July 2019: Our paper with Refinitiv will appear at the ACM conference on Advances in Financial technologies! June 2019: I was awarded one of the three Oasis Labs' fellowships for 2019-2020! May 2019: Tradescope: Our project on market manipulation is live! Feb 2019: I will attend the 3rd AI Safety Camp to work on Intelligent Agent side-effects and ML Robustness! Feb 2019: Stream of works on "Market manipulation as a security problem" accepted on Eurosec 2019 and the 27th Workshop on Security Protocols! Jan 2019: My interview at the Heidelberg Laureate Forum is now online! [Link] Jan 2019: I am a fellow in the ConceptionX commercialization and entrepreneurship program! Jan 2019: I completed a 5-course Deep Learning Specialization on Coursera! [Link] [1, 2, 3, 4, 5] Nov 2018: I was awarded a grant from the generous Allan & Nesta Ferguson Charitable Trust! [Link] Oct 2018: Our paper ''High-Assurance Cryptographic Hardware from Untrusted Components'' is a finalist for the CSAW Europe Applied Research Award. [Link] Oct 2018: I'm quoted in ''Wired'' about our work on hardware trojans. [Link] Sep 2018: My interview on Süddeutsche Zeitung is online. [Link] Sep 2018: I am listed in the 10 out of 200 young scientists by Heidelberg Laureate Forum! [Link] Sep 2018: Our article on Javacard was published at Hackernoon! [Link] Aug 2018: Our "Cryptogame" session proposal has been accepted in Mozfest 2108. [Link] Aug 2018: Our "Cryptogame" project has been funded by the public engagement unit at UCL. [Link] July 2018: Received the Werner Romberg grant to attend the Heidelberg Laureate Forum! [Link] Jul 2018: Our write up on the JavaCard ecosystem was published by the Software Sustainability Institute and the Benthem's Gaze blog. [Link 1] [Link 2] Jun 2018: Thrilled to serve as a publications co-chair for the Privacy Enhancing Technologies symposium 2019. [Link] May 2018: Our preprint on verifiable data access is out. [Link] May 2018: Started my research visit at the systems security group in ETHz. [Link] Apr 2018: Cyber World Magazine features my article on the future of hardware-trojans and the security of chips in critical systems. [Link] Apr 2018: Presented our work on ultrasonic signals at Stanford security seminar. [Link] Apr 2018: More press coverage for our work on ultrasonic signals. [Link] Apr 2018: Presented with Giovanni Vigna (UCSB, Lastline) our work on the security of ultrasonic communications at RSA Conference. [Link] Mar 2018: Our preprint on tracking technologies found in the retail spaces is out. [Link] Feb 2018: Completed our cryptography masterclass for year-11 students. [Link]

Selected Projects



img

Encrypted Traffic Classification using High-dimensional Embeddings

This project studies the resilience of encrypted-communications schemes against adversaries that intent to breach the privacy of individual users. To evaluate widely-used schemes, we employ deep neural network models so as to map encrypted traffic traces into high-dimensional representations (see figure on the left). This enables us to generate a database of labeled traces that can then be used to classify unlabeled samples based on their proximity. Our results show that communication patterns suffice to reconstruct user activity with high accuracy and thus widely-deployed encrypted-communications systems offer weaker privacy guarantees than previously thought. This paper and the corresponding defence tools are currently under submission.

[Paper]






img

Information Leakage Classification with Deep Neural Networks

Near-field microprobes have the capability to isolate small regions of a chip surface and enable precise measurements with high spatial resolution. Being able to distinguish the activity of small regions has given rise to attacks that exploit the spatial dependencies of cryptographic algorithms in order to recover the secret key. This project introduces a set of techniques that allow security researchers to evaluate the leakage properties of any chip. We show that deep neural network models outperform previously proposed methods (e.g., difference of means, multivariate templates), especially in the context of single-shot classification and small memory regions. We validate the practicality of our proposed models by classifying the leakages from the SRAM of a modern ARM Cortex-M4 chip. Our results show that we were able to always distinguish the activity between 2 SRAM regions of 128 bytes each, while for 256 SRAM single-byte regions we achieve 32% accuracy.

[Paper]






img

MultiBallot: A Scheme for Privacy-preserving, Verifiable Statistics

Processing sensitive data for scientific purposes has the potential to bring substantial benefits both to individuals and society, however, it also requires strong guarantees that the data will not be used inappropriately. This project attempts to address some of the open challenges in the area: 1) effective ways to hold data processors accountable, 2) preserving the privacy of individuals and 3) protect the integrity of their data. For this purpose, we introduce MultiBallot, a privacy-preserving scheme that allows organizations to publish statistics derived from sensitive user data without breaching the privacy of the individual data subjects. Our scheme is based on ThreeBallot, a paper-voting design that allows voters to verify both the result of the elections (univariate operation) and that their individual vote was counted towards it. Our work extends this scheme and enables users to compute multivariate statistics on the published data. Moreover, MultiBallot can provide strong data integrity guarantees and public verifiability, when combined with a high-integrity data structure (e.g., a blockchain). These additional features make MultiBallot applicable in a wide range of data-processing scenarios such as healthcare statistics and communication records.

[Paper]






img

Leakage-Resilient Protocols for Cryptographic Operations

Cryptographic devices used in critical applications operate under the assumption that hardware components remain always compliant with their specifications. Consequently, components that contain intentional or unintentional errors (e.g., bugs, hardware trojans, backdoors) cannot reliably maintain any of their security properties. In this work, we relax this strict correctness requirement and demonstrate how trusted, high-assurance hardware can be built from untrusted and potentially malicious components. We employ more than a hundred COTS secure cryptocoprocessors, verified to FIPS140-2 Level 4 tamper-resistance standards, and use them to realize high-confidentiality random number generation, key derivation, public key decryption and signing. Our experiments show a reasonable computational overhead (less than 1% for both Decryption and Signing) and an exponential increase in backdoor-tolerance as more ICs are added.

[Paper] [Code]

Publications

Peer-reviewed & Preprints

SoK: Automated Vulnerability Detection
Shereen E., Ristea D., Vyas S., McFadden S., Dwyer M., Hicks C., Mavroudis V, Under submission 2024
AI Cyber Risk Benchmark: Automated Exploitation Capabilities
Ristea D., Mavroudis V., Hicks C., 2024
CybORG++: An Enhanced Gym for the Development of Autonomous Cyber Agents [Repository]
Emerson H., Bates L., Hicks C., Mavroudis V., 2024
Online Convex Optimisation: The Optimal Switching Regret for all Segmentations Simultaneously [PDF]
Stephen P., Hicks C., Mavroudis V., Herbster, M., NeurIPS, 2024 [Spotlight]
Entity-based Reinforcement Learning for Autonomous Cyber Defence
Thompson I., Caron A., Hicks C., Mavroudis V., Workshop on Autonomous Cybersecurity (AutonomousCyber), 2024
Environment Complexity and Nash Equilibria in a Sequential Social Dilemma
Yasir M., Howes A., Mavroudis V., Hicks C., 17th European Workshop on Reinforcement Learning (EWRL), 2024
Autonomous cyber defence: Beyond games? [PDF]
Hicks C., Mavroudis V., Turing Report, 2024
International Scientific Report on the Safety of Advanced AI [PDF]
Bengio Y., Privitera D., Besiroglu T., Bommasani R., Casper S., Choi Y., Goldfarb D., Heidari H., Khalatbari L., Mavroudis V., Longpre S., Interim Report, 2024
A View on Out-of-Distribution Identification from a Statistical Testing Theory Perspective [PDF]
Caron A., Hicks C., Mavroudis V., ArXiv, 2024
Fusion Encoder Networks [PDF]
Stephen P., Hicks C., Mavroudis V., ArXiv, 2024
Mitigating Deep Reinforcement Learning Backdoors in the Neural Activation Space [PDF]
Vyas S., Hicks C., Mavroudis V., Deep Learning Security and Privacy Workshop (DLSP), 2024
Deep Reinforcement Learning for Denial-of-Service Query Discovery in GraphQL [PDF]
McFadden S., Maugeri M., Hicks C., Mavroudis V., Pierazzi F., Deep Learning Security and Privacy Workshop (DLSP), 2024
Nearest Neighbour with Bandit Feedback [PDF]
Pasteris S., Hicks C., Mavroudis V., Annual Conference on Neural Information Processing Systems (NeurIPS), 2023
Adaptive Webpage Fingerprinting from TLS Traces
Mavroudis V., Hayes J., 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2023
Reward Shaping for Happier Autonomous Cyber Security Agents
Bates E., Mavroudis V., Hicks C., 16th ACM Workshop on Artificial Intelligence and Security (AISec), 2023
Canaries and Whistles: Resilient Drone Communication Networks with (or without) Deep Reinforcement Learning
Hicks C., Mavroudis V., Foley M., Davies T., Highnam K., Watson T., 16th ACM Workshop on Artificial Intelligence and Security (AISec), 2023
Autonomous network defence using reinforcement learning
Foley M., Hicks C., Highnam K., Mavroudis V., Asia Conference on Computer and Communications Security (AsiaCCS), 2022
Inroads into Autonomous Network Defence using Explained Reinforcement Learning [PDF]
Foley M., Wang M., Hicks C., Mavroudis V., Conference on Applied Machine Learning in Information Security (CAMLIS), 2022
SIMple ID: QR Codes for Authentication Using Basic Mobile Phones in Developing Countries [PDF]
Hicks C., Mavroudis V., Crowcroft J., The 18th International Workshop on Security and Trust Management (STM), 2022
An Interface Between Legacy and Modern Mobile Devices for Digital Identity [PDF]
Mavroudis V., Hicks C., Crowcroft J., International Workshop on Emerging Technologies for Authorization and Authentication (ETAA), 2021
JCMathLib: Wrapper Cryptographic Library for Transparent and Certifiable JavaCard Applets [PDF]
Mavroudis V., Svenda P., IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), March 2020
Snappy: Fast Blockchain Payments [PDF]
Mavroudis V., , Wuest K., Dhar A., Kostiainen K., Capkun S., Network & Distributed System Security Symposium (NDSS), Feb 2020
Location, location, location: Revisiting modeling and exploitation for location-based side channel leakages. [PDF]
Andrikos C., Batina L., Chmielewski L., Lerman L., Mavroudis V., Papagiannopoulos K., Perin G., Rassias G., Sonnino A.,
25th Annual International Conference on the Theory and Application of Cryptology and Information Security (AsiaCrypt) 2019
Libra: Fair Order-Matching for Electronic Financial Exchanges. [PDF]
Mavroudis V., Melton H., Advances in Financial Technologies AFT 2019, October 2019
Bounded Temporal Fairness for FIFO Financial Markets. [PDF]
Mavroudis V., 26th International Workshop on Security Protocols SPW, April 2019
Market Manipulation as a Security Problem: Attacks and Defenses [PDF]
Mavroudis V., 12th European Workshop on Systems Security EuroSec, March 2019
Towards Low-level Cryptographic Primitives for JavaCards.
Mavroudis V., Svenda P., Oct 2018
VAMS: Verifiable Auditing of Access to Confidential Data.
Hicks A., Mavroudis V., Al-Bassam M., Meiklejohn S., Murdoch S., May 2018
Eavesdropping Whilst Youre Shopping: Balancing Personalisation and Privacy in Connected Retail Spaces [PDF]
Mavroudis V., Veale M. (Equal Contribution), PETRAS/IoTUK/IET Living in the IoT Conference, 2018.
A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted Components [PDF, ArXiv]
Mavroudis V., Cerulli A., Svenda P., Cvrcek D., Klinec D., Danezis G., 24th ACM Conference on Computer and Communications Security CCS, 2017.
CSAW 2018 Applied Research Competition Finalist.
On the Privacy and Security of the Ultrasound Tracking Ecosystem [PDF]
Mavroudis V., Hao S., Fratantonio Y., Maggi F., Kruegel C., Vigna G., Proceedings of the Privacy Enhancing Technologies Symposium PETs, 2017
Visual Analytics for Enhancing Supervised Attack Attribution in Mobile Networks [PDF]
Papadopoulos S., Mavroudis V., Drosou A., Tzovaras D., 29th International Symposium on Computer and Information Sciences, 2014

Technical Reports

The Ultrasound Tracking Ecosystem.
Vasilios Mavroudis, Shuang Hao, Yanick Fratantonio, Federico Maggi, Giovanni Vigna, and Christopher Kruegel. November 2016
Correlation Analysis and Abnormal Event Detection Module.
EU FP7 Project: Enhanced Network Security for Seamless Service Provisioning in the Smart Mobile Ecosystem
Anomaly detection based on real-time exploitation of billing systems.
EU FP7 Project: Enhanced Network Security for Seamless Service Provisioning in the Smart Mobile Ecosystem
Anomaly detection within femtocell architectures.
EU FP7 Project: Enhanced Network Security for Seamless Service Provisioning in the Smart Mobile Ecosystem
Network information sources.
EU FP7 Project: Enhanced Network Security for Seamless Service Provisioning in the Smart Mobile Ecosystem

Theses

Crux: Privacy-preserving Statistics for Tor [PDF], Information Security Group, University College London, UK, 2015.
Supervisor: George Danezis
Cassiopeia: Real-time mobile security monitoring system, Dept. of Applied Informatics, University of Macedonia, Greece, 2012.
Supervisor: Ioannis Mavridis

Talks

Libra: Fair Order-Matching for Electronic Financial Exchanges., Juels Group Research Meeting, Online/Cornell University, New York, US, 29 October 2019. [Link] Cryptographic Hardware from Untrusted Components, RISE Annual Conference, London, UK, 14 November 2018. [Link] A touch of Evil: Cryptographic Hardware from Untrusted Components (poster), CSAW 2018, Valence, France, 9 November 2018. Cryptogame: Pirates & Guardians of the Galaxy, London, UK, 27 October 2018. [Link] High-Assurance Cryptographic Hardware from Untrusted Components. Stanford Security Seminar, Palo Alto, US, 19 April 2018. [Link] The Good, the Bad and the Ugly of the Ultrasonic Communications Ecosystem. RSA Conference 2018, San Fransisco US, 17 April 2018. [Link] A witch-hunt for trojans in our chips. London Enterprise Tech Meetup, London, UK, 12 February 2018. [Link] Cryptographic Hardware from Untrusted Components. Cryptacus Workshop, Nijmegen, Netherlands, 16-18 November 2017. [Link] Cryptographic Hardware from Untrusted Components. IMDEA Software Inst., Madrid, Spain, 28 Sept 2017. [Link] Towards Trojan-tolerant Cryptographic Hardware. ZISC Seminar ETH, Zurich, Switzerland, 20 Sept 2017. [Link] OpenCrypto: Unchaining the JavaCard Ecosystem. Blackhat US, Las Vegas, US, 22-27 July 2017. [Link] Trojan-tolerant Hardware & Supply Chain Security in Practice. Defcon 25, Las Vegas, US, 27-30 July 2017. [Link] On the Privacy & Security of the Ultrasound Tracking Ecosystem. Computer Laboratory Security Seminar, Cambridge, UK, 21 February 2017. [Link] Talking Behind Your Back: On the Privacy & Security of the Ultrasound Tracking Ecosystem. Mozilla International Privacy Day, London, UK, 28 Jan 2017. [Link] Talking Behind Your Back: On the Privacy & Security of the Ultrasound Ecosystem. Information Security Seminar, UCL, London, UK, 19 January 2017. [Link] Talking Behind Your Back: Tough Love for the Ugly Ultrasound Tracking Ecosystem. Chaos Communication Congress, Hamburg, Germany, 27-30 Dec. 2016. [Link] Cross-device Tracking Canaries. Data Transparency Lab Conference 2016, New York, US, 17-19 Nov 2017. [Link] Talking Behind Your Back: Attacks and Countermeasures of Ultrasonic Cross-device Tracking. Blackhat Europe, London, UK, 3–4 November 2016. [Link][Slides] Cassiopeia: Mobile security monitoring. FOSS conference 2011, Greece.

Academic Service & Teaching

Publications co-chair for the Privacy Enhancing Technologies symposium 2019. Co-organizing the Hacking Seminars at UCL (2017-2018). Organizing the Information Security Seminars at UCL (2017-2018). External Reviewer for Privacy Enhancing Technologies Symposium (2017-2019). Teaching Assistant for Computer Security I module, Information Security MSc (Winter term 2017-2018). Guest Lecture on Acedemic Research, In2ScienceUK Organization (August 2017). Teaching Assistant for Computer Security II module, Information Security MSc (Spring term 2016-2017).