More and more companies’ Intellectual Property (IP) is being integrated into Neural Network (NN) models. This IP has considerable value for companies and, therefore, requires adequate protection. For example, an attacker might replicate a production machines’ hardware and subsequently simply copy associated software and NN models onto the cloned hardware. To make copying NN models onto cloned hardware infeasible, we present an approach to bind NN models - and thus also the IP contained within them - to their underlying hardware. For this purpose, we link an NN model’s weights, which are crucial for its operation, to unique and unclonable hardware properties by leveraging Physically Unclonable Functions (PUFs). By doing so, sufficient accuracy can only be achieved using the target hardware to restore the original weights, rendering proper execution of the NN model on cloned hardware impossible. We demonstrate that our approach accomplishes the desired degradation of accuracy on various NN models and outline possible future improvements.

Authors: Daniel Dorfmeister, Flavio Ferrarotti, Bernhard Fischer, Martin Schwandtner and Hannes Sochor.

Don’t trust your users. This is something everyone in this industry learns rather quickly. But what are hackers, if not users with technical knowledge AND malicious intent?

In this talk, Martin shares stories from doing security-focused source code reviews against a lot of different applications.

• What are common pitfalls?
• How do attackers think when testing your application or reviewing its source code?
• What’s a hacker’s sixth sense?
• How does human code review fit in with automated testing?
• How you can make a hacker’s life harder

How Penetration Testing and Red Teaming can help your company be more secure

credit image Irnis Kubat

Would your test suite still pass if the tested code was changed? If so, there may be problems with your code, your tests, or both!

Mutation Testing reveals these cases. This talk will tell you what mutation testing is, how it works, how to use it, and its benefits, drawbacks, and history. There will be multiple examples, and a list of tools for many popular languages.

You will come away equipped with a powerful technique for making sure your tests are strict and your code is meaningful!