Hi, I’m Cat.

I translate law and policy into code as a Senior Privacy Engineer at Dynatrace. I’m also developing an introductory online course on privacy engineering and keeping one foot (…sometimes it feels like both feet!) in the world of research, exploring technology’s impact on society with a focus on privacy and human rights. I’m interested in privacy concerns at every layer of the tech stack, but especially so at the hardware level.

Previously, I explored how to bridge the gap between tech and policy as an Internet Society Early Career Fellow and ECCRI European Cybersecurity Fellow, hacked CPUs for a living at the IAIK, had a brief but transformative glimpse into the world of Privacy and Civil Liberties Engineering at Palantir, and did my initial geeking out over computer architecture and security in my MEng in Computer Science at the University of Bristol.

When I’m not coding, you’ll usually find me in the mountains, either knee-deep in snow or gazing in awe at the views! You can check out some of my adventures here.

Research

• CustomProcessingUnit: Reverse Engineering and Customization of Intel Microcode. Pietro Borrello, Catherine Easdon, Martin Schwarzl, Roland Czerny, Michael Schwarz. 17th IEEE Workshop on Offensive Technologies (WOOT 2023). Best Paper Award 🏅
  • Paper
  • Workshop Recording
  • BlackHat USA 2022 recording
  • Ghidra processor module for static analysis
  • Dynamic analysis framework
• Rapid Prototyping for Microarchitectural Attacks. Catherine Easdon, Michael Schwarz, Martin Schwarzl, Daniel Gruss. USENIX Security Symposium 2022.
  • Paper and Conference Slides
  • Frameworks
• PLATYPUS: Software-based Power Side-Channel Attacks on x86. Moritz Lipp, Andreas Kogler, David Oswald, Michael Schwarz, Catherine Easdon, Claudio Canella, Daniel Gruss. IEEE Symposium on Security & Privacy 2021. CVE-2020-8694 and CVE-2020-8695.
  • Website
  • Paper
  • Conference Recording
  • Music Video (yes, really!)
  • Media: The Register, Computer Weekly, arstechnica, ZDNet
• OpcodeTester: fuzzing tool for undocumented opcodes on x86 and RISC-V.
  • Code
  • Slides
  • Technical Report 2018
  • Master’s Thesis 2019
  • Hacker News discussion

Talks

Shockingly, not all about CPUs!

• Privacy by Design in the SDLC: Why, When, How?, WeAreDevelopers World Congress, Berlin/virtual, July 2024
• That’s rather inappropriate, dear: the challenges of determining ‘appropriate’ measures for personal data deletion, International Workshop on Privacy Engineering (industry track), Vienna, July 2024
• Defence against the Dark Patterns: UX Lessons from the Deceptive Side of the Web, Web Summer Camp (UX track), Opatija, July 2024
• Privacy Leaks Beyond the Class-Level: Protecting Personal Data, Java Vienna, June 2024
• Rights by Design: Privacy Engineering for the Rights of All, 18th Annual Meeting of the United Nations Internet Governance Forum (IGF), Kyoto, October 2023
• Policy Development on Generative AI based on Biometrics & Weaponizing Information Bubbles (Panel), Asia Pacific Regional Internet Governance Forum (APrIGF), Brisbane/virtual, August 2023
• Online Privacy: The Foundation of Digital Rights (Panel) - Internet Society Early Career Fellowship Symposium, virtual, July 2023
• Establishing a Long Distance Trail: The Caucasus and UBES(ters) - UBES 60th Anniversary Celebration, Bristol, February 2020
• Why Audit Your CPU? Searching for Undocumented CPU Behavior - Third School on Security & Correctness, Graz University of Technology, September 2019
• UBES Expedition Planning Workshop - University of Bristol, May 2019
• Through the Range of Light: Hiking the JMT - UBES Shorts, University of Bristol, February 2019
• Explainable DNNs: What Has Your Network Really Learnt? - Applied Deep Learning Symposium, University of Bristol, December 2018
• Undocumented CPU Behavior: Analyzing Undocumented Opcodes on Intel x86-64 - IAIK, Graz University of Technology, June 2018

Academic Service

• ACM CCS: Program Committee (Hardware, Side Channels, and Cyber-Physical Systems Track) 2023, 2024
• USENIX PEPR: Program Committee 2024
• IACR CHES: Artifact Review Committee 2023

Giving What We Can

I’ve taken the Giving What We Can 🔸 10% Pledge, and I encourage you to do the same if that’s financially feasible for you.

If you’d like to donate but don’t know how or where to start, Giving What We Can has some great resources to help guide you in evaluating which charities can do the most good with your money - and to nudge you to get started! (Check out “How Rich Am I?”)