My Photo

I am an assistant professor of Computer Science at ETH Zürich. I am a member of the Information Security Institute and of ZISC, and an associated faculty of the ETHZ AI Center.

My research interests lie in Computer Security, Machine Learning and Cryptography. In my current work, I study the worst-case behavior of Deep Learning systems from an adversarial perspective, to understand and mitigate long-term threats to the safety and privacy of users.

I received my PhD from Stanford University under the supervision of by Dan Boneh. Part of my graduate studies were generously supported by the Swiss National Science Foundation and the Open Philanthropy Project. After graduating, I spent one year at Google Brain.

Office: Universitätstrasse 6, CAB E79, CH-8092 Zürich

Twitter Google Scholar LinkedIn

Current group


Some of my recorded talks

Does Adversarial Machine Learning Research Matter? (AdvML 2021)

Measuring and Enhancing the Security of Machine Learning (my "job talk")

Adversarial Examples (Machine Learning Street Talk)

Remote Side-Channel Attacks on Anonymous Cryptocurrencies (USENIX Security)

On Adaptive Attacks to Adversarial Examples Defenses (USENIX ScAINet)

Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware (ICLR)