Hi, I’m Cat.

I translate law and policy into code as a Privacy Engineer at Dynatrace. As an Internet Society Early Career Fellow and ECCRI European Cybersecurity Fellow, I’m learning to bridge the gap between tech and policy together with a fantastic bunch of fellows and experts, and am developing an introductory online course on privacy engineering.

Previously, I hacked CPUs for a living at the IAIK, had a brief but transformative glimpse into the world of Privacy and Civil Liberties Engineering at Palantir, and did my initial geeking out over computer architecture and security in my MEng in Computer Science at the University of Bristol.

When I’m not coding, you’ll usually find me in the mountains, either knee-deep in snow or gazing in awe at the views! You can check out some of my adventures here.

Research

• CustomProcessingUnit: Reverse Engineering and Customization of Intel Microcode. Pietro Borrello, Catherine Easdon, Martin Schwarzl, Roland Czerny, Michael Schwarz. 17th IEEE Workshop on Offensive Technologies (WOOT 2023). Best Paper Award 🏅
  • Paper
  • Workshop Recording
  • BlackHat USA 2022 recording
  • Ghidra processor module for static analysis
  • Dynamic analysis framework
• Rapid Prototyping for Microarchitectural Attacks. Catherine Easdon, Michael Schwarz, Martin Schwarzl, Daniel Gruss. USENIX Security Symposium 2022.
  • Paper and Conference Slides
  • Frameworks
• PLATYPUS: Software-based Power Side-Channel Attacks on x86. Moritz Lipp, Andreas Kogler, David Oswald, Michael Schwarz, Catherine Easdon, Claudio Canella, Daniel Gruss. IEEE Symposium on Security & Privacy 2021. CVE-2020-8694 and CVE-2020-8695.
  • Website
  • Paper
  • Conference Recording
  • Music Video (yes, really!)
  • Media: The Register, Computer Weekly, arstechnica, ZDNet
• OpcodeTester: fuzzing tool for undocumented opcodes on x86 and RISC-V.
  • Code
  • Slides
  • Technical Report 2018
  • Master’s Thesis 2019
  • Hacker News discussion

Talks

Shockingly, not all about CPUs.

• Rights by Design: Privacy Engineering for the Rights of All, 18th Annual Meeting of the United Nations Internet Governance Forum (IGF), Kyoto, upcoming October 2023
• Policy Development on Generative AI based on Biometrics & Weaponizing Information Bubbles (Panel), Asia Pacific Regional Internet Governance Forum (APrIGF), Brisbane/virtual, August 2023
• Online Privacy: The Foundation of Digital Rights (Panel) - Internet Society Early Career Fellowship Symposium, virtual, July 2023
• Establishing a Long Distance Trail: The Caucasus and UBES(ters) - UBES 60th Anniversary Celebration, Bristol, February 2020
• Why Audit Your CPU? Searching for Undocumented CPU Behavior - Third School on Security & Correctness, Graz University of Technology, September 2019
• UBES Expedition Planning Workshop - University of Bristol, May 2019
• Through the Range of Light: Hiking the JMT - UBES Shorts, University of Bristol, February 2019
• Explainable DNNs: What Has Your Network Really Learnt? - Applied Deep Learning Symposium, University of Bristol, December 2018
• Undocumented CPU Behavior: Analyzing Undocumented Opcodes on Intel x86-64 - IAIK, Graz University of Technology, June 2018

Giving What We Can

I’ve taken the Giving What We Can pledge to donate 10% of my income to effective charities, and I encourage you to do the same if that’s financially feasible for you.

If you’d like to donate but don’t know how or where to start, Giving What We Can has some great resources to help guide you in evaluating which charities can do the most good with your money - and to nudge you to get started! (Check out “How Rich Am I?”)