Elie Bursztein | |
---|---|
Born | 1980 (age 43–44) France |
Education |
|
Known for |
|
Scientific career | |
Fields | |
Institutions | |
Thesis | Anticipation games: Game theory applied to network security (2008) |
Doctoral advisor | Jean Goubault-Larrecq |
Website | elie |
Elie Bursztein, [r 1] (born 1980) is a French computer scientist and software engineer. He is Google and DeepMind AI cybersecurity technical and research lead.
Bursztein obtained a computer engineering degree from EPITA in 2004, a master's degree in computer science from Paris Diderot University/ENS in 2005, and a PhD in computer science from École normale supérieure Paris-Saclay in 2008 with a dissertation titled Anticipation games: Game theory applied to network security.
Before joining Google, Bursztein was a post-doctoral fellow at Stanford University's Security Laboratory, where he collaborated with Dan Boneh and John Mitchell on web security, [p 1] [p 2] game security, [p 3] [p 4] and applied cryptographic research. [p 5] His work at Stanford University included the first cryptanalysis of the inner workings of Microsoft's DPAPI (Data Protection Application Programming Interface), [p 6] the first evaluation of the effectiveness of private browsing, [p 7] [r 2] and many advances to CAPTCHA security [p 8] [p 9] [p 10] and usability. [p 11]
Bursztein has discovered, reported, and helped fix hundreds of vulnerabilities, including securing Twitter's frame-busting code, [r 3] exploiting Microsoft's location service to track the position of mobile devices, [r 4] and exploiting the lack of proper encryption in the Apple App Store to steal user passwords and install unwanted applications. [r 5]
Bursztein joined Google in 2012 as a research scientist. He founded the Anti-Abuse Research Team in 2014 and became the lead of the Security and Anti-Abuse Research teams in 2017. [r 6] In 2023, he became Google and DeepMind AI cybersecurity technical and research lead.
Bursztein's contributions at Google include:
In 2023 Elie founded the Etteilla Foundation [r 25] dedicated to preserving and promoting the rich heritage of playing cards and donated his extensive collection of historical playing cards decks and tarots to it.
Bursztein is an accomplished magician and he posted magic tricks weekly on Instagram during the 2019 pandemic. [r 26]
In 2014, following his talk on hacking Hearthstone using machine learning, [p 27] he decided not to make his prediction tool open source at Blizzard Entertainment’s request. [r 27]
A CAPTCHA is a type of challenge–response test used in computing to determine whether the user is human in order to deter bot attacks and spam.
Dan Boneh is an Israeli–American professor in applied cryptography and computer security at Stanford University.
Martín Abadi is an Argentine computer scientist, working at Google as of 2024. He earned his Doctor of Philosophy (PhD) in computer science from Stanford University in 1987 as a student of Zohar Manna.
Randy Howard Katz is a distinguished professor emeritus at University of California, Berkeley of the electrical engineering and computer science department.
Gernot Heiser is a Scientia Professor and the John Lions Chair for operating systems at UNSW Sydney, where he leads the Trustworthy Systems group (TS).
Lorrie Faith Cranor is an American academic who is the FORE Systems Professor of Computer Science and Engineering and Public Policy at Carnegie Mellon University and is the director of the Carnegie Mellon Usable Privacy and Security Laboratory. She has served as Chief Technologist of the Federal Trade Commission, and she was formerly a member of the Electronic Frontier Foundation Board of Directors. Previously she was a researcher at AT&T Labs-Research and taught in the Stern School of Business at New York University. She has authored over 110 research papers on online privacy, phishing and semantic attacks, spam, electronic voting, anonymous publishing, usable access control, and other topics.
A device fingerprint or machine fingerprint is information collected about the software and hardware of a remote computing device for the purpose of identification. The information is usually assimilated into a brief identifier using a fingerprinting algorithm. A browser fingerprint is information collected specifically by interaction with the web browser of the device.
Mordechai M. "Moti" Yung is a cryptographer and computer scientist known for his work on cryptovirology and kleptography.
Stephanie Forrest is an American computer scientist and director of the Biodesign Center for Biocomputing, Security and Society at the Biodesign Institute at Arizona State University. She was previously Distinguished Professor of Computer Science at the University of New Mexico in Albuquerque. She is best known for her work in adaptive systems, including genetic algorithms, computational immunology, biological modeling, automated software repair, and computer security.
Patrick Denis Lincoln is an American computer scientist leading the Computer Science Laboratory (CSL) at SRI International. Educated at MIT and then Stanford, he joined SRI in 1989 and became director of the CSL around 1998. He previously held positions with ETA Systems, Los Alamos National Laboratory, and MCC.
Justin Cappos is a computer scientist and cybersecurity expert whose data-security software has been adopted by a number of widely used open-source projects. His research centers on software update systems, security, and virtualization, with a focus on real-world security problems.
Credential stuffing is a type of cyberattack in which the attacker collects stolen account credentials, typically consisting of lists of usernames or email addresses and the corresponding passwords, and then uses the credentials to gain unauthorized access to user accounts on other systems through large-scale automated login requests directed against a web application. Unlike credential cracking, credential stuffing attacks do not attempt to use brute force or guess any passwords – the attacker simply automates the logins for a large number of previously discovered credential pairs using standard web automation tools such as Selenium, cURL, PhantomJS or tools designed specifically for these types of attacks, such as Sentry MBA, SNIPR, STORM, Blackbullet and Openbullet.
J. Alex Halderman is professor of computer science and engineering at the University of Michigan, where he is also director of the Center for Computer Security & Society. Halderman's research focuses on computer security and privacy, with an emphasis on problems that broadly impact society and public policy.
Sushil Jajodia is an American computer scientist known for his work on cyber security and privacy, databases, and distributed systems.
Differential testing, also known as differential fuzzing, is a popular software testing technique that attempts to detect bugs, by providing the same input to a series of similar applications, and observing differences in their execution. Differential testing complements traditional software testing, because it is well-suited to find semantic or logic bugs that do not exhibit explicit erroneous behaviors like crashes or assertion failures. Differential testing is sometimes called back-to-back testing.
Carmela González Troncoso is a Spanish telecommunication engineer and researcher specialized in privacy issues, and an LGBT+ activist. She is currently a tenure track assistant professor at École Polytechnique Fédérale de Lausanne (EPFL) in Switzerland and the head of the SPRING lab. Troncoso gained recognition for her leadership of the European team developing the DP-3T protocol that aims at the creation of an application to facilitate the tracing of COVID-19 infected persons without compromising on the privacy of citizens. Currently she is also member of the Swiss National COVID-19 Science Task Force in the expert group on Digital Epidemiology. In 2020, she was listed among Fortune magazine's 40 Under 40.
Cross-site leaks, also known as XS-leaks, are a class of attacks used to access a user's sensitive information on another website. It is a term found in internet security. Cross-site leaks allow an attacker to access a user's interactions with other websites. This can contain sensitive information. Web browsers normally stop other websites from seeing this information. This is enforced through a set of rules called the same-origin policy. Attackers can sometimes get around these rules, using a "cross-site leak". Attacks using a cross-site leak are often initiated by enticing users to visit the attacker's website. Upon visiting, the attacker uses malicious code on their website to interact with another website. This can be used by a attacker to learn about the user's previous actions on the other website. The information from this attack can uniquely identify the user to the attacker.
An oblivious pseudorandom function (OPRF) is a cryptographic function, similar to a keyed-hash function, but with the distinction that in an OPRF two parties cooperate to securely compute a pseudorandom function (PRF).
Hovav Shacham is a professor in computer security at the University of Texas at Austin. He has made many advances to both cryptography and computer security.
Keystroke inference attacks are a class of privacy-invasive technique that allows attackers to infer what a user is typing on a keyboard.