Talks Archive
← Back to main page · Contact Carsten Schürmann to propose a talk.
Upcoming
| Date | Time | Speaker | Topic | Location |
|---|---|---|---|---|
| 22 May 2026 | 12:00 - 13:00 | Aslan Askarov, University of Aarhus, Denmark |
The Downgrading Semantics Of Memory Safety
Memory safety is fundamental to computer security, as memory errors compromise core security mechanisms. The conventional approach to memory safety is to define it in terms of bad things that cannot happen. While this approach is presently used both in academia and industry, it also has recognized limitations. Reasoning about programs with complex behavior such as pointer casts is fragile, and it is unclear how to extend the negative lists-based approach to end-to-end security. As such, a general semantic definition of memory safety remains elusive. We present a notion of gradual allocator independence that accurately captures the allocator-dependent aspects of memory safety, focusing on heap-specific memory errors such as null-pointer dereference, use after free, double free, and heap overflow. We consider a low-level language with access to an allocator that provides malloc and free primitives in a flat memory model. Pointers are just integers, and as such it is trivial to write memory-unsafe programs. Our approach is inspired by the previously suggested connection between memory safety and noninterference, but extends that connection in a fundamentally important direction towards downgrading to account for allocators running out-of-memory and for programs having pointer-to-integer casts. This establishes a formal correspondence between two classical decades-long research areas: downgrading in information flow control and memory safety. The significance of this connection is that it decouples having a defined concrete behavior from having a good behavior, unveils a well-grounded technical device for understanding the meaning of casts, and creates opportunities for future cross-pollination between the areas. Joint work with René Rydhof Hansen and Andreas Stenbæk Larsen. To appear in PLDI 2026. |
3A08 |
Past Talks
| Date | Time | Speaker | Topic | Location |
|---|---|---|---|---|
| 08 May 2026 | 12:00 - 13:00 | Nic Cheeseman, University of Birmingham, UK | Why democratic resilience is failing in an era of autocratization | 5A09 |
| 16 Apr 2026 | 10:00 - 11:00 | Jens Myrup Pedersen, Aalborg University (CPH), Denmark | Cyber Ranges: Learning Cybersecurity through gamification and virtual labs | 3A08 |
| 15 Apr 2026 | 13:00 - 14:00 | Sepideh Ghanavati, University of Maine, USA | From Developer Insights to LLM-Powered Privacy Solutions | 2A08 |
| 27 Mar 2026 | 12:00 - 13:00 | Rob Gleasure, CBS, Denmark | Cognitive warfare and scientific research in the Nordics | 3A08 |
| 24 Mar 2026 | 13:00 - 14:00 | David Sands, Chalmers University of Technology and the University of Gothenburg, Sweden | The LLMbda Calculus: AI Agents, Conversations, and Information Flow | 3A07 |
| 13 Mar 2026 | 12:00 - 13:00 | Peter Meyer, SDU, Denmark | Cybersecurity and Privacy for Everyone | 5A09 |
| 03 Mar 2026 | 12:00 - 13:00 | Markus Krabbe Larsen, IT University of Copenhagen, Denmark | Sound rules for building Sigma-protocols (in Rocq) | 3A08 |
| 11 Dec 2025 | 12:00 - 13:00 | Jonas Kastberg Hinrichsen, IT University of Copenhagen, Denmark | Decentral Business Networks: Governance and Security | 3A07 |
| 09 Dec 2025 | 10:00 - 11:00 | Ralf Küsters, University of Stuttgart, Germany | Modeling the Web to Secure the Web: Formal Analysis of Single Sign-On Authentication and Authorization Protocol Standards | 3A07 |
| 08 Dec 2025 | 13:00 - 14:00 | Marino Miculan, University of Udine, Italy | Towards a Formally Verified Language for Stateful Authorization Policies | 4A05 |
| 01 Dec 2025 | 15:00 - 16:00 | Andrei Sabelfeld, Chalmers University, Sweden | CodeX and FakeX: Exposing Privacy Violations and Fake Reviews in Browser Extensions | 3A08 |
| 27 Nov 2025 | 12:15 - 13:15 | Peter Ryan, University of Luxembourg | From Individual Verifiability to Universally Verified Elections | 5A09 |
| 26 Nov 2025 | 13:00 - 14:00 | Eike Ritter, University of Birmingham, UK | Skolemisation for Intuitionistic Linear Logic | 5A09 |
| 06 Nov 2025 | 12:00 - 13:00 | Tobias Liebetrau, University of Copenhagen, Denmark | Infrastructuring public-private relations: Big Tech, the Ukraine War and implications to security governance | 5A09 |
| 30 Oct 2025 | 12:00 - 13:00 | Hanne Marie Motzfeldt, University of Copenhagen, Denmark | The legal clash between Danish legislative tradition and EU tech law | 2A08 |
| 21 Oct 2025 | 11:00 - 12:00 | abhi shelat, Google, USA | The Modern Credential | 2A08 |
| 20 Oct 2025 | 13:00 - 14:00 | David Hook, Legion of the Bouncy Castle | Bouncy Castle and a Post-Quantum future: API Changes, Protocol Issues, and Performance slides | 3A08 |
| 26 Sep 2025 | 12:30 - 13:00 | Takafumi Saikawa, Nagoya University, Japan | Formalization of matching numbers with finmap and mathcomp-classical | 5A08 |
| 25 Sep 2025 | 12:00 - 12:30 | Alessandro Bruni, ITU | Formalizing Concentration Inequalities in Rocq: Infrastructure and Automation | 5A09 |
| 11 Sep 2025 | 12:00 - 13:00 | Karel Panchártek, Univerzita Palackého v Olomouci, Czech Republic | HTTP flood attacks mitigation | 5A09 |
| 26 Aug 2025 | 15:00 - 16:00 | Mugdha Khedkar | Static Analysis for Android GDPR Compliance Assurance | 3A08 |
| 23 Jun 2025 | 15:00 - 16:00 | Philip Haselwater, Aarhus University | Security Proofs via Approximate Relational Reasoning for Higher-Order Probabilistic Programs | 5A09 |
| 09 Mar 2025 | 12:15 - 13:00 | Lukas Hundt Petersen | Reverse engineering MitID | 4A56 |
| 03 Mar 2025 | 12:00 - 13:00 | Raha Asadi, IT University of Copenhagen | No Silver Bullet: Towards Demonstrating Secure Software Development for Danish SMEs in a B2B Model | 5A09 |
| 10 Dec 2024 | 10:00 - 11:00 | Marino Miculan, University of Udine, Italy | A bigraph-based Formal Model and Verification Framework for Container-Based Systems | 5A09 |
| 15 Oct 2024 | 13:00 - 14:00 | Irit Hadar, University of Haifa, Israel | With great data comes great responsibility: Paving the way to responsibility by design | 3A08 |
| 25 Sep 2024 | 12:00 - 13:00 | Christina Frederikke Nissen, IT University of Copenhagen, Denmark | Tracking Code-based Verification—Design and Evaluation | 4A09 |
| 30 May 2024 | 14:00 - 15:00 | Markus Krabbe Larsen, IT University of Copenhagen, Denmark | Mechanizing state separation for modular cryptographic proofs | 4A05 |
| 01 May 2024 | 12:00 - 13:00 | Esra Yeniaras, IT University of Copenhagen, Denmark | Post Quantum Cryptography and Efficient Implementation of NIST Competition Candidates | 5A09 |
| 11 Jan 2024 | 10:00 - 11:00 | Hans Peter Reiser, Reykjavík University, Iceland | Security and systems research | 4C lounge |
| 30 Oct 2023 | 13:00 - 14:00 | Christian Jensen, DTU, Denmark | Trust, Security and Zero Trust Architectures | 2A20 |
| 28 Sep 2023 | 13:00 - 14:00 | Victor Zhora | Cyberdefense of Ukraine | Auditorium 4 |
| 20 Feb 2023 | 12:00 - 13:00 | Niek Janssen and Jens Dalgaard, IT University of Copenhagen, Denmark | Security Awareness Training Through Experiencing the Adversarial Mindset | 3A08 |
| 04 Nov 2022 | 13:00 - 14:00 | Harri Hursti | Governments are now mandating Zero Trust and Software Supply Chain Security. What do they want? | 4C hallway |
| 01 Nov 2022 | 12:00 - 13:00 | Adele Veschetti, University of Bologna, Italy | A formal analysis of blockchain consensus protocols | 2A08 |
| 17 Jun 2022 | 13:00 - 14:00 | Sebastian Mödersheim, DTU, Denmark | Rewriting Privacy | 3A08 |
| 01 Jun 2022 | 14:00 - 15:00 | David Basin, ETH Zurich, Switzerland | Using Formal Methods to Analyze Modern Payment Protocols | 4A09 |
| 25 May 2022 | 10:30 - 11:30 | Christoph Matheja, DTU, Denmark | Towards an Intermediate Verification Language for Probabilistic Programs | 3F07 |
| 25 Nov 2021 | 16:30 - 17:30 | Erwin Lansing and Jacob Buchholz Bech, DK Hostmaster / IT University of Copenhagen | DNS Security: From phonebook to global distributed database | Auditorium 2 |
| 15 Nov 2021 | 15:00 - 16:00 | Peter Y A Ryan, University of Luxembourg | Trust and Trustworthiness of Voting Systems | Online |
| 08 Nov 2021 | 15:00 - 16:00 | Christian Berghoff and Arndt von Twickel, Federal Office for Information Security, Bonn, Germany | Towards Auditable AI Systems | Online |
| 03 Nov 2021 | 14:00 - 15:00 | Bernardo Machado David, IT University of Copenhagen, Denmark | Mt. Random: Multi-Tiered Randomness Beacons | 5A10 |
| 22 Oct 2021 | 15:00 - 16:00 | Mathias Oliver Valdbjørn Jørgensen, IT University of Copenhagen, Denmark | A formal approach to coercion-resistance and its application to e-voting | 5A10 |
| 18 Oct 2021 | 15:00 - 16:00 | Dana Drachsler Cohen, Technion, Israel | Ai2: Safety and robustness certification of neural networks with abstract interpretation | Online |
| 11 Oct 2021 | 09:00 - 10:00 | Rajeev Goré, Australian National University, Australia | Modular Synthesis of Certifying STV Counting Programs | Online |
| 27 Sep 2021 | 15:00 - 16:00 | Asmita Dalela, IT University of Copenhagen, Denmark | Voters perception of Trust in Risk Limiting Audits | Online |
| 13 Sep 2021 | 15:00 - 16:00 | Karl Palmskog and Pengyu Nie, KTH Royal Institute of Technology, Sweden / University of Texas at Austin, USA | Improving proof assistant user productivity using language models | Online |
| 02 Sep 2021 | 13:00 - 14:00 | Carsten Baum, Aarhus University, Denmark | Secure Computations | 3A08 |
| 30 Aug 2021 | 15:00 - 16:00 | Tanvir Arafin | Hardware Lottery and the Perils of Computer Security | Online |
| 23 Aug 2021 | 15:00 - 16:00 | Zsolt István, IT University of Copenhagen, Denmark | Software-Defined Data Protection: Low Overhead Policy Compliance at the Storage Layer is Within Reach! | 3A08 |
| 14 Jun 2021 | 15:00 - 16:00 | Peter Mayer, Karlsruhe Institute of Technology, Germany | "Now I'm a bit angry:" Individuals' Awareness, Perception, and Responses to Data Breaches that Affected Them | Online |
| 31 May 2021 | 09:00 - 10:00 | Zhe Hou, Griffith University, Australia | Silas: High-Performance Computing, Automated Reasoning and Machine Learning at the Core of Trustworthy AI | Online |
| 17 May 2021 | 15:00 - 16:00 | Diego Sempreboni, King's College London, UK | X-Men: A Mutation-Based Approach for the Formal Analysis of Security Ceremonies | Online |
| 10 May 2021 | 15:00 - 16:00 | Koundinya Vajjha, University of Pittsburgh, USA | CertRL: Formalizing Convergence Proofs for Value and Policy Iteration in Coq | Online |
| 03 May 2021 | 15:00 - 16:00 | Gordon Stewart, Ohio University, USA | Certifying the True Error: Machine Learning in Coq with Verified Generalization Guarantees | Online |
| 26 Apr 2021 | 15:00 - 16:00 | Rosario Giustolisi, IT University of Copenhagen, Denmark | Modelling Human Threats in Socio-Technical Systems | Online |
| 19 Apr 2021 | 15:00 - 16:00 | Rasmus Munksgaard, Aalborg University, Denmark | Research on illicit online markets, mainly for drugs and other goods | Online |
| 12 Apr 2021 | 15:00 - 16:00 | Carsten Baum, Aarhus University, Denmark | PESTO: Proactive Secure Distributed SSO, or How to Trust a Hacked Server | Online |
| 23 Mar 2021 | 15:00 - 16:00 | Bruce Schneier | Securing a World of Physically Capable Computers | Online |
| 08 Mar 2021 | 15:00 - 16:00 | Asmita Dalela, IT University of Copenhagen, Denmark | "It's Not Something They Really Care About": A Study on Security and Privacy Practices in Danish Companies | Online |
| 08 Feb 2021 | 15:00 - 16:00 | Robert Künnemann | Accountability without bounds! | Online |
| 11 Jan 2021 | 15:00 - 16:00 | Lorenzo Gentile | FAST: Fair Auctions via Secret Transactions | Online |
| 14 Dec 2020 | 15:00 - 16:00 | Marino Miculan, University of Udine, Italy | Automated Symbolic Verification of Telegram's MTProto 2.0 | Online |
| 07 Dec 2020 | 15:00 - 16:00 | Dmytro Khutkyy | Internet Voting in Ukraine: Context, Cases, and Considerations | Online |
| 16 Nov 2020 | 15:00 - 16:00 | Carlo Brunetta, Chalmers University, Sweden | Turn Based Communication Channels: Crypto meets Time! | Online |
| 11 Nov 2020 | 10:00 - 11:00 | Patricia Cabarcos, Karlsruhe Institute of Technology, Germany | Usable Authentication | Online |
| 02 Nov 2020 | 15:00 - 16:00 | Asmita Dalela | Assessment on the status of cybersecurity in Denmark | Online |
| 26 Oct 2020 | 15:00 - 16:00 | Edlira Dushku | Remote attestation for IoT systems | Online |
| 19 Oct 2020 | 15:00 - 16:00 | Bernardo David, IT University of Copenhagen, Denmark | Flying TARDIS with CRAFT: Modelling Time, Building Time-Based Primitives and Designing Time-based Protocols in the Universal Composability Framework | Online |
| 07 Oct 2020 | 09:40 - 10:25 | David Hook, Crypto Workshop | A Window on the Post-Quantum World: Using Merkle-Based Signature Schemes | Online |
| 01 Jul 2020 | 13:00 - 14:00 | Frederik Madsen | On the Subject of Non-Equivocation: Defining Non-Equivocation in Synchronous Agreement Systems | Online |
| 29 Jun 2020 | 14:00 - 15:00 | Ziya Alper Genc, University of Luxembourg | Key-Oriented Defense Against Cryptographic Ransomware: Challenges and Opportunities | Online |
| 02 Apr 2020 | 14:30 - 15:30 | Peter Schneider | Intrusion Detection for Cyber-Physical Systems | Online |
| 10 Mar 2020 | 09:00 - 10:00 | Thomas Edmund Haines, NTNU, Norway | Verified Verifiers for Verifiable Elections | 3A08 |
| 18 Feb 2020 | 14:00 - 15:00 | Jens Myrup Pedersen, Aalborg University, Denmark | Haaukins - an Automated Platform for Security Education | 2A08 |