Conferences and Workshops
SIDECAR: Leveraging Debugging Extensions in Commodity Processors to Secure Software
To appear in Proceedings of the Annual Computer Security Applications Conference (ACSAC), Waikiki, Hawaii, USA, December 2024 (19.7%)
Evaluating the Effect of Improved Indirect Call Resolution on System Call Debloating
Proceedings of the Workshop on Forming an Ecosystem Around Software Transformation (FEAST), Salt Lake City, Utah, USA, October 2024
On the Dual Nature of Necessity in Use of Rust Unsafe Code
Proceedings of the ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE) (Industry Track), San Francisco, USA, December 2023 (44%)
SysPart: Automated Temporal System Call Filtering for Binaries
Proceedings of the ACM Conference on Computer and Communications Security (CCS), Copenhagen, Denmark, November 2023 (19.9%)
Eliminating Vulnerabilities by Disabling Unwanted Functionality in Binary Programs
Proceedings of the ACM ASIA Conference on Computer and Communications Security (ASIACCS), Melbourne, Australia, July 2023
Towards Understanding the Performance of Rust (Short paper)
Proceedings of the International Conference on Automated Software Engineering (ASE) – Industry Showcase, Oakland Center, MI, USA, October 2022
Debloating Address Sanitizer
Proceedings of the USENIX Security Symposium, Boston, MA, USA, August 2022 (18.1%)
An In-Depth Analysis on Adoption of Attack Mitigations in Embedded Devices (invited)
The Learning from Authoritative Security Experiment Results (LASER) workshop, San Diego, CA, USA, April 2022
Building Embedded Systems Like It’s 1996
Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, USA, April 2022 (16.2%)
Proving LTL Properties of Bitvector Programs and Decompiled Binaries
Proceedings of the Asian Symposium on Programming Languages and Systems (APLAS), Chicago, IL, USA, October 2021
Towards Optimal Use of Exception Handling Information for Function Detection
Proceedings of the IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Virtual, June 2021 (16.3%)
SoK: All You Ever Wanted to Know About x86/x64 Binary Disassembly But Were Afraid to Ask
Proceedings of the IEEE Symposium on Security and Privacy, Virtual, May 2021 (12.1%)
Speculative Probing: Hacking Blind in the Spectre Era Pwnie award for most innovative research
Proceedings of the ACM Conference on Computer and Communications Security (CCS), Virtual, November 2020 (16.9%)
Nibbler: Debloating Binary Shared Libraries
Proceedings of the Annual Computer Security Applications Conference (ACSAC), San Juan, Puerto Rico, December 2019 (22.6%)
Position-independent Code Reuse: On the Effectiveness of ASLR in the Absence of Information Disclosure
Proceedings of the IEEE European Symposium on Security and Privacy, London, United Kingdom, April 2018 (22.9%)
Techu: Open and Privacy-preserving Crowdsourced GPS for the Masses
Proceedings of the ACM International Conference on Mobile Systems, Applications, and Services (MobiSys), Niagara Falls, NY, USA, June 2017 (18%)
Location-enhanced Authentication using the IoT
Proceedings of the Annual Computer Security Applications Conference (ACSAC), Los Angeles, CA, USA, December 2016 (22.8%)
Bypassing CLANG’s Safestack for Fun and Profit
Black Hat Europe, London, UK, November 2016
NaClDroid: Native Code Isolation for Android Applications
Proceedings of the European Symposium on Research in Computer Security (ESORICS), Heraklion, Crete, Greece, September 2016 (21%)
Undermining Entropy-based Information Hiding (And What to do About it)
Proceedings of the USENIX Security Symposium, Austin, TX, USA, August 2016 (15.55%)
Speculative Memory Checkpointing
Proceedings of the ACM/IFIP/USENIX Middleware Conference, Vancouver, Canada, December 2015
ShrinkWrap: VTable Protection without Loose Ends Outstanding student paper award
Proceedings of the Annual Computer Security Applications Conference (ACSAC), Los Angeles, CA, USA, December 2015 (24.4%)
WYSISNWIV: What You Scan Is Not What I Visit
Proceedings of the International Symposium on Recent Advances in Intrusion Detection (RAID), Kyoto, Japan, November 2015 (22.69%)
GPU-Disasm: A GPU based x86 Disassembler
Proceedings of the Information Security Conference (ISC), Trondheim, Norway, September 2015 (29.1%)
The Devil is in the Constants: Bypassing Defenses in Browser JIT Engines
Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, USA, February 2015 (19.6%)
Size Does Matter - Why Using Gadget-Chain Length to Prevent Code-reuse Attacks is Hard
Proceedings of the USENIX Security Symposium, San Diego, CA, USA, August 2014 (19.1%)
Out Of Control: Overcoming Control-Flow Integrity DCSRA 2015 winner
Proceedings of the IEEE Symposium on Security and Privacy, San Jose, CA, USA, May 2014 (13.6%)
The Best of Both Worlds. A Framework for the Synergistic Operation of Host and Cloud Anomaly-based IDS for Smartphones
Proceedings of the European Workshop on System Security (EUROSEC), Amsterdam, The Netherlands, April 2014 (42.9%)
On the Effectiveness of Traffic Analysis Against Anonymity Networks Using Flow Records
Proceedings of the Passive and Active Measurement (PAM) Conference, Los Angeles, CA, USA, March 2014 (31.5%)
SAuth: Protecting User Accounts from Password Database Leaks
Proceedings of the ACM Conference on Computer and Communications Security (CCS), Berlin, Germany, November 2013 (19.8%)
ShadowReplica: Efficient Parallelization of Dynamic Data Flow Tracking
Proceedings of the ACM Conference on Computer and Communications Security (CCS), Berlin, Germany, November 2013 (19.8%)
Cloudopsy: an Autopsy of Data Flows in the Cloud
Proceedings of the International Conference on Human-Computer Interaction (HCI), Las Vegas, NV, USA, July 2013
Self-Healing Multitier Architectures Using Cascading Rescue Points
Proceedings of the Annual Computer Security Applications Conference (ACSAC), Orlando, FL, USA, December 2012 (19%)
Exploiting Split Browsers for Efficiently Protecting User Data
Proceedings of The ACM Cloud Computing Security Workshop (CCSW), Raleigh, NC, USA, October 2012
Adaptive Defenses for Commodity Software through Virtual Application Partitioning
Proceedings of the ACM Conference on Computer and Communications Security (CCS), Raleigh, NC, USA, October 2012 (18.9%)
kGuard: Lightweight Kernel Protection against Return-to-user Attacks
Proceedings of the USENIX Security Symposium, Bellevue, WA, USA, August 2012 (19.4%)
libdft: Practical Dynamic Data Flow Tracking for Commodity Systems
Proceedings of the ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments (VEE), London, UK, March 2012
A General Approach for Efficiently Accelerating Software-based Dynamic Data Flow Tracking on Commodity Hardware
Proceedings of the Annual Network and Distributed System Security Symposium (NDSS), San Diego, CA, USA, February 2012 (17.8%)
A Multilayer Overlay Network Architecture for Enhancing IP Service Availability Against DoS
Proceedings of the International Conference on Information Systems Security (ICISS), Kolkata, India, December 2011 (22.8%)
REASSURE: A Self-contained Mechanism for Healing Software Using Rescue Points Best paper award
Proceedings of the International Workshop on Security (IWSEC), Tokyo, Japan, November 2011
Taint-Exchange: a Generic System for Cross-process and Cross-host Taint Tracking
Proceedings of the International Workshop on Security (IWSEC), Tokyo, Japan, November 2011
Detecting Traffic Snooping in Tor Using Decoys
Proceedings of the International Symposium on Recent Advances in Intrusion Detection (RAID), Menlo Park, CA, USA, September 2011 (23%)
Global ISR: Toward a Comprehensive Defense Against Unauthorized Code Execution
Proceedings of the ARO Workshop on Moving Target Defense, Fairfax, VA, USA, January 2011
Fast and Practical Instruction-Set Randomization for Commodity Systems
Proceedings of the Annual Computer Security Applications Conference (ACSAC), Austin, TX, USA, December 2010 (17%)
Paranoid Android: Versatile Protection For Smartphones
Proceedings of the Annual Computer Security Applications Conference (ACSAC), Austin, TX, USA, December 2010 (17%)
iLeak: a Lightweight System for Detecting Inadvertent Information Leaks
Proceedings of the European Conference on Computer Network Defense (EC2ND), Berlin, Germany, October 2010
Eudaemon: Involuntary and On-Demand Emulation Against Zero-Day Exploits
Proceedings of the ACM SIGOPS/EuroSys European Conference on Computer Systems, Glasgow, Scotland, April 2008 (18%)
Argos: Emulated Hardware Support to Fingerprint Zero-Day Attacks by Means of Dynamic Data Flow Analysis
Proceedings of the Annual Conference of the Advanced School for Computing and Imaging (ASCI), Belgium, June 2006
Argos: an Emulator for Fingerprinting Zero-Day Attacks
Proceedings of ACM SIGOPS EUROSYS, Leuven, Belgium, April 2006 (20%)
Argos: Securing IP Communications Against Zero-Day Attacks
Proceedings of NLUUG Unix Users Group Annual Conference, The Netherlands, April 2006 (invited)
FFPF: Fairly Fast Packet Filters
Proceedings of the USENIX Symposium on Operating Systems Design and Implementation (OSDI), San Francisco, CA, USA, December 2004 (14%)
Patents
Methods, Systems, and Media for Authenticating Users Using Multiple Services
U.S. Patent US10367797. Issued on July 30, 2019
Journals
Large-Scale Debloating of Binary Shared Libraries
Digital Threats: Research and Practice (DTRAP) (Volume 1, Issue 4, Pages 1–28, December 2020)
Detection and Analysis of Eavesdropping in Anonymous Communication Networks
International Journal of Information Security (IJIS) (Volume 14, Issue 3, Pages 205–220, August 2015)
kGuard: Lightweight Kernel Protection
USENIX;login: Magazine (Volume 37, Issue 6, Pages 7–14, December 2012)
SweetBait: Zero-hour worm detection and containment using low- and high-interaction honeypots
Elsevier Journal on Computer Networks, Special Issue on Security through Self-Protecting and Self-Healing Systems (Volume 51, Issue 5, Pages 1256–1274, April 2007)
Books/Book Chapters
Evaluating Control-Flow Restricting Defenses
In Per Larsen and Ahmad-Reza Sadeghi, editors, The Continuing Arms Race: Code-Reuse Attacks and Defenses, chapter 5, pages 117--137. ACM and Morgan & Claypool, 2018
Technical Reports
On the Effectiveness of Traffic Analysis Against Anonymity Networks Using Flow Records
Technical report CUCS-019-13, Columbia University, New York, NY, USA, July 2013
libdft: Practical Dynamic Data Flow Tracking for Commodity Systems
Technical report CUCS-044-11, Columbia University, New York, NY, USA, October 2011
Detecting Traffic Snooping in Anonymity Networks Using Decoys
Technical report CUCS-005-11, Columbia University, New York, NY, USA, February 2011
Protecting Smart Phones by Means of Execution Replication
Technical report IR-CS-054, Vrije Universiteit, Amsterdam, The Netherlands, September 2009
Multi-tier intrusion detection by means of replayable virtual machines
Technical report IR-CS-047, Vrije Universiteit, Amsterdam, The Netherlands, August 2008
Prospector: a Protocol-Specific Detector of Polymorphic Buffer Overflows
Technical report IR-CS-023, Vrije Universiteit, Amsterdam, The Netherlands, June 2006
Argos: an x86 Emulator for Fingerprinting Zero-Day Attacks by Means of Dynamic Data Flow Analysis
Technical report IR-CS-017, Vrije Universiteit, Amsterdam, The Netherlands, June 2005
SweetBait: Zero-Hour Worm Detection and Containment Using Honeypots
Technical report IR-CS-015, Vrije Universiteit, Amsterdam, The Netherlands, May 2005
Packet Monitoring at High Speed with FFPF
Technical report 2004-01, LIACS, Leiden University, Leiden, The Netherlands, January 2004
Study and Bridging of Peer-to-Peer File Sharing Systems
Technical report 312, ICS-FORTH, Heraklion, Crete, Greece, October 2002
Unpublished
Redirect2Own: Protecting the Intellectual Property of User-uploaded Content through Off-site Indirect Access
arXiv:1810.04779, October 2018
Hands-Free One-Time and Continuous Authentication Using Glass Wearable Devices
arXiv:1810.02496, October 2018