The Quest for my Perfect MATE. Investigate MATE: Man-at-the-End attacker (followed by a hands-on application). 

Shannon sought security against an attacker with unlimited computational powers: if an information source conveys some information, then Shannon’s attacker will surely extract that information. Diffie and Hellman refined Shannon’s attacker model by taking into account the fact that the real attackers are computationally limited. This idea became one of the greatest new paradigms in computer science leading to modern cryptography, which also sought security against an attacker with unlimited logical and observational powers. The popular formulation, going back to Kerckhoffs, is that “there is no security by obscurity”, meaning that the algorithms cannot be kept obscured from the attacker, and that security should only rely upon the secret keys.

However, this paradigm is challenged by the Man‑at‑the‑End (MATE) threat model, in which attackers are assumed to have full control over the execution environment, including the ability to inspect and manipulate runtime memory. In such settings, traditional cryptographic assumptions break down, as secrets may be exposed during execution even if the underlying algorithms are secure. This makes many real‑world systems, such as anti‑cheat solutions, vulnerable by design. This presentation will explore MATE as a distinct and increasingly relevant threat model. In particular, it examines the implications of limiting attackers’ logical and programming capabilities, while attempting to answer the following question: can the system gain some security by actively learning attacker’s methods, and adapting to them? 

Session held in conjunction with the winter school of the CyberSchool. Please register here : https://framaforms.org/ecole-dhiver-recherche-de-la-cyberschool-10-12-fevrier-2026-1768217296.