Skip to main content

REactively Defending against Advanced Cybersecurity Threats

Deliverables

Threat Model

A document listing all the relevant threat models for ReAct.

Dashboard Integration

A document listing the implementation details of the ReAct Dashboard

Risk Prediction: Intermediate Version

This deliverable will describe the algorithms for predicting the victims of cyberattacks

Initial Dissemination Plan

This is the plan for the Dissemination and Communication Actions of the project. Input by T7.1 and T7.2.

Risk Prediction: Final Version

This deliverable will describe the final algorithms and accuracy results of the prediction algorithms for the victims of cyberattacks

Report on the Validation Experiments

This deliverable reports on the experiment conducted to validate the data collection and analysis techniques

Vulnerability Discovery

This will be the database with information about vulnerabilities existing and new ones found

Patching Evaluation

A report with the evaluation of the techniques developed in this work package

Dashboard Evaluation

A document listing the evaluation results of the ReAct Dashboard

Selective Isolation and Protection

A report with the techniques used for discovering and isolating an exploited host

Analysis Techniques

This deliverable describes the new techniques proposed for the interpretation and analysis of the data collected by the instrumentation proposed in T51

System Evaluation

This deliverable will describe the evaluation of the probingsystem and KPIs

Technology Requirements

A document listing all the primary technological requirements for implementing the needed techniques of ReAct.

UI USer Requirements

A document listing the user requirements for the ReAct Dashboard

Dashboard Design

A document listing the design choices of the ReAct Dashboard

Next Generation Attacks

A document describing next generation of attacks that ReAct needs to consider in order to stay ahead of the security game

Final Dissemination, Communication, Exploitation and Standardization Report

This is the final version of the Exploitation and Sustainability plan It will list the activities that will have been taken by M36 and the activities that will be continued after the end of the project Input by T71 and T72

Real-time Updates

A report with the techniques used for live updating a program with limited or zero downtime

Report on Forensic-Readiness Techniques

This deliverable describes the new techniques developed in task T51 for the selective instrumentation of sensitive target to increase their forensic capabilities

Scanning: Final Version

This deliverable will describe the final algorithms andresults for Network and Host Scanning

Scanning: Preliminary Version

This deliverable will describe the algorithms and preliminary results for Network and Host Scanning

Market Analysis and Business Plan

This deliverable will survey market opportunities identify the market niche for ReAct and propose the plan for the commercial exploitation of the results of the ReAct project developments

Midterm Dissemination, Communication, Exploitations and Standardization Report

This is the mid of the project version of the Exploitation and Sustainability plan It will list the activities that will have been taken by M20 and the activities that will be continued Input by T71 and T72

Selective Software Hardening

A report with the software instrumentation techniques used to produce temporary software patches

Website and collaboration tools

The web site, along with the social network accounts will be the main dissemination mechanism of the project in cyberspace. For internal communication and collaboration, the partners will use the cloud (own-cloud/git or similar) and associated telecon/chat tools. Input by T7.1.

Searching for OpenAIRE data...

Publications

PIBE: practical kernel control-flow hardening with profile-guided indirect branch elimination

Author(s): Victor Duta, Cristiano Giuffrida, Herbert Bos, Erik van der Kouwe
Published in: Proceedings of the 26th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, 2021, Page(s) 743-757, ISBN 9781450383172
Publisher: ACM
DOI: 10.1145/3445814.3446740

Fine Grained Dataflow Tracking with Proximal Gradients

Author(s): Gabriel Ryan, Abhishek Shah, Dongdong She, Koustubha Bhat, Suman Jana
Published in: Proceedings of the 30th USE-NIX Se-cu-ri-ty Sym-po-si-um, 2021
Publisher: 30th USENIX Security Symposium

SoK: Benchmarking Flaws in Systems Security

Author(s): Erik van der Kouwe, Gernot Heiser, Dennis Andriesse, Herbert Bos, Cristiano Giuffrida
Published in: 2019 IEEE European Symposium on Security and Privacy (EuroS&P), 2019, Page(s) 310-325, ISBN 978-1-7281-1148-3
Publisher: IEEE
DOI: 10.1109/eurosp.2019.00031

RIDL: Rogue In-Flight Data Load

Author(s): Stephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Giorgi Maisuradze, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida
Published in: 2019 IEEE Symposium on Security and Privacy (SP), 2019, Page(s) 88-105, ISBN 978-1-5386-6660-9
Publisher: IEEE
DOI: 10.1109/sp.2019.00087

No More Chasing Waterfalls - A Measurement Study of the Header Bidding Ad-Ecosystem

Author(s): Michalis Pachilakis, Panagiotis Papadopoulos, Evangelos P. Markatos, Nicolas Kourtellis
Published in: Proceedings of the Internet Measurement Conference, 2019, Page(s) 280-293, ISBN 9781450369480
Publisher: ACM
DOI: 10.1145/3355369.3355582

Who’s debugging the debuggers? exposing debug information bugs in optimized binaries

Author(s): Giuseppe Antonio Di Luna, Davide Italiano, Luca Massarelli, Sebastian Österlund, Cristiano Giuffrida, Leonardo Querzoni
Published in: Proceedings of the 26th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, 2021, Page(s) 1034-1045, ISBN 9781450383172
Publisher: ACM
DOI: 10.1145/3445814.3446695

How Did That Get In My Phone? Unwanted App Distribution on Android Devices

Author(s): Kotzias, Platon; Caballero, Juan; Bilge, Leyla
Published in: Proceedings of the 42nd IEEE Symposium on Security & Privacy (S&P 2021), 2021
Publisher: 42nd IEEE Symposium on Security & Privacy (S&P 2021)

kMVX - Detecting Kernel Information Leaks with Multi-variant Execution

Author(s): Sebastian Österlund, Koen Koning, Pierre Olivier, Antonio Barbalace, Herbert Bos, Cristiano Giuffrida
Published in: Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems, 2019, Page(s) 559-572, ISBN 9781450362405
Publisher: ACM
DOI: 10.1145/3297858.3304054

ProbeGuard - Mitigating Probing Attacks Through Reactive Program Transformations

Author(s): Koustubha Bhat, Erik van der Kouwe, Herbert Bos, Cristiano Giuffrida
Published in: Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems, 2019, Page(s) 545-558, ISBN 9781450362405
Publisher: ACM
DOI: 10.1145/3297858.3304073

TRRespass: Exploiting the Many Sides of Target Row Refresh

Author(s): Pietro Frigo, Emanuele Vannacc, Hasan Hassan, Victor van der Veen, Onur Mutlu, Cristiano Giuffrida, Herbert Bos, Kaveh Razavi
Published in: 2020 IEEE Symposium on Security and Privacy (SP), 2020, Page(s) 747-762, ISBN 978-1-7281-3497-0
Publisher: IEEE
DOI: 10.1109/sp40000.2020.00090

Rage Against the Machine Clear: A Systematic Analysis of Machine Clearsand Their Implications for Transient Execution Attacks

Author(s): Hany Ragab, Enrico Barberis, Herbert Bos, Cristiano Giuffrida
Published in: Proceedings of the 30th USENIX Security Symposium, 2021
Publisher: 30th USENIX Security Symposium

Nyx: Grey-box Hy-per-vi-sor Fuz-zing using Fast Snap-shots and Af-fi-ne Types

Author(s): Ser-gej Schu-mi-lo, Cor-ne-li-us Ascher-mann, Ali Ab-ba-si, Simon Wör-ner, Thors-ten Holz
Published in: Proceedings of the 30th USE-NIX Se-cu-ri-ty Sym-po-si-um, 2021
Publisher: 30th USE-NIX Se-cu-ri-ty Sym-po-si-um

VPS - excavating high-level C++ constructs from low-level binaries to protect dynamic dispatching

Author(s): Andre Pawlowski, Victor van der Veen, Dennis Andriesse, Erik van der Kouwe, Thorsten Holz, Cristiano Giuffrida, Herbert Bos
Published in: Proceedings of the 35th Annual Computer Security Applications Conference, 2019, Page(s) 97-112, ISBN 9781450376280
Publisher: ACM
DOI: 10.1145/3359789.3359797

HoneyGen: Generating Honeywords Using Representation Learning

Author(s): Antreas Dionysiou, Vassilis Vassiliades, Elias Athanasopoulos
Published in: Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security, 2021, Page(s) 265-279, ISBN 9781450382878
Publisher: ACM
DOI: 10.1145/3433210.3453092

Master of Web Puppets: Abusing Web Browsers for Persistent and Stealthy Computation

Author(s): Panagiotis Papadopoulos, Panagiotis Ilia, Michalis Polychronakis, Evangelos P. Markatos, Sotiris Ioannidis, Giorgos Vasiliadis
Published in: Proceedings 2019 Network and Distributed System Security Symposium, 2019, ISBN 1-891562-55-X
Publisher: Internet Society
DOI: 10.14722/ndss.2019.23070

SMASH: Synchronized Many-sided Rowhammer Attacks From JavaScript

Author(s): Finn de Ridder, Pietro Frigo,Emanuele Vannacci, Herbert Bos, Cristiano Giuffrida, Kaveh Razavi
Published in: Proceedings of the 30th USENIX Security Symposium, 2021
Publisher: 30th USENIX Security Symposium

Speculative Probing - Hacking Blind in the Spectre Era

Author(s): Enes Göktas, Kaveh Razavi, Georgios Portokalidis, Herbert Bos, Cristiano Giuffrida
Published in: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, 2020, Page(s) 1871-1885, ISBN 9781450370899
Publisher: ACM
DOI: 10.1145/3372297.3417289

CollabFuzz - A Framework for Collaborative Fuzzing

Author(s): Sebastian Österlund, Elia Geretto, Andrea Jemmett, Emre Güler, Philipp Görz, Thorsten Holz, Cristiano Giuffrida, Herbert Bos
Published in: Proceedings of the 14th European Workshop on Systems Security, 2021, Page(s) 1-7, ISBN 9781450383370
Publisher: ACM
DOI: 10.1145/3447852.3458720

Cupid : Automatic Fuzzer Selection for Collaborative Fuzzing

Author(s): Güler, Emre; Görz, Philipp; Geretto, Elia; Jemmett, Andrea; Österlund, Sebastian; Bos, Herbert; Giuffrida, Cristiano; Holz, Thorsten
Published in: Proceedings - 36th Annual Computer Security Applications Conference, ACSAC 2020, 360 - 372, 1, 2020
Publisher: 36th Annual Computer Security Applications Conference (ACSAC 2020)
DOI: 10.1145/3427228.3427266

SoK: Make JIT-Spray Great Again

Author(s): Robert Gawlik, Thorsten Holz
Published in: Proceedings of the 12th USENIX Workshop on Offensive Technologies (WOOT 18), 2018
Publisher: USENIX

Malicious Management Unit: Why Stopping Cache Attacks in Software is Harder Than You Think

Author(s): tephan van Schaik, Cristiano Giuffrida, Herbert Bos, Kaveh Razavi
Published in: Proceedings of the 27th USENIX Security Symposium (USENIX Security 18), 2018
Publisher: USENIX Association

Translation Leak-aside Buffer: Defeating Cache Side-channel Protections with TLB Attacks

Author(s): Ben Gras, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida
Published in: Proceedings of the 27th USENIX Security Symposium (USENIX Security 18), 2018
Publisher: USENIX Association

Master of Web Puppets: Abusing Web Browsers for Persistent and Stealthy Computation

Author(s): Panagiotis Papadopoulos, Panagiotis Ilia, Michalis Polychronakis, Evangelos Markatos, Sotiris Ioannidis, Giorgos Vasiliadis
Published in: 2019
Publisher: Network and Distributed System Security Symposium (NDSS 2019)

ZebRAM: Comprehensive and Compatible Software Protection Against Rowhammer Attacks

Author(s): Radhesh Krishnan Konoth, Marco Oliverio, Andrei Tatar, Dennis Andriesse, Herbert Bos, Cristiano Giuffrida, Kaveh Razavi
Published in: Proceedings of the 13th USENIX Symposium on Operating Systems Design and Implementation (OSDI 18), 2018
Publisher: USENIX Association

TIFF - Using Input Type Inference To Improve Fuzzing

Author(s): Vivek Jain, Sanjay Rawat, Cristiano Giuffrida, Herbert Bos
Published in: Proceedings of the 34th Annual Computer Security Applications Conference on - ACSAC '18, 2018, Page(s) 505-517, ISBN 9781-450365697
Publisher: ACM Press
DOI: 10.1145/3274694.3274746

Type-After-Type - Practical and Complete Type-Safe Memory Reuse

Author(s): Erik van der Kouwe, Taddeus Kroes, Chris Ouwehand, Herbert Bos, Cristiano Giuffrida
Published in: Proceedings of the 34th Annual Computer Security Applications Conference on - ACSAC '18, 2018, Page(s) 17-27, ISBN 9781-450365697
Publisher: ACM Press
DOI: 10.1145/3274694.3274705

REDQUEEN: Fuzzing with Input-to-State Correspondence

Author(s): Cornelius Aschermann, Sergej Schumilo, Tim Blazytko, Robert Gawlik, Thorsten Holz
Published in: 2019
Publisher: Network and Distributed System Security Symposium (NDSS 2019)

NAUTILUS: Fishing for Deep Bugs with Grammars

Author(s): Cornelius Aschermann, Tommaso Frassetto, Thorsten Holz, Patrick Jauernig, Ahmad-Reza Sadeghi, Daniel Teuchert
Published in: Network and Distributed System Security Symposium (NDSS 2019), 2019
Publisher: Network and Distributed System Security Symposium (NDSS 2019)

Exploiting Correcting Codes: On the Effectiveness of ECC Memory Against Rowhammer Attacks

Author(s): Lucian Cojocar, Kaveh Razavi, Cristiano Giuffrida, Herbert Bos
Published in: 2019 IEEE Symposium on Security and Privacy (SP), 2019, Page(s) 55-71, ISBN 978-1-5386-6660-9
Publisher: IEEE
DOI: 10.1109/sp.2019.00089

REAPER: Real-time App Analysis for Augmenting the Android Permission System

Author(s): Michalis Diamantaris, Elias P. Papadopoulos, Evangelos P. Markatos, Sotiris Ioannidis, Jason Polakis
Published in: Proceedings of the 9th ACM Conference on Data and Application Security and Privacy (ACM CODASPY), 2019
Publisher: ACM

Cookie Synchronization: Everything You Always Wanted to Know But Were Afraid to Ask

Author(s): Panagiotis Papadopoulos, Nicolas Kourtellis, Evangelos Markatos
Published in: The World Wide Web Conference on - WWW '19, 2019, Page(s) 1432-1442, ISBN 9781450366748
Publisher: ACM Press
DOI: 10.1145/3308558.3313542

ProbeGuard: Mitigating Probing Attacks Through Reactive Program Transformations

Author(s): Koustubha Bhat, Erik van der Kouwe, Herbert Bos, Cristiano Giuffrida
Published in: 2019
Publisher: 24th ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2019)

Practical Password Hardening based on TLS

Author(s): Constantinos Diomedous, Elias Athanasopoulos
Published in: 2019
Publisher: Proceedings of the 16th Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA)

SoK: Benchmarking Flaws in Systems Security

Author(s): Kouwe, Erik van der, Gernot Heiser, Dennis Andriesse, Herbert Bos, and Cristiano Giuffrida
Published in: 2019
Publisher: Proceedings 4th IEEE European Symposium on Security and Privacy (EuroS&P 2019)

KMVX: Detecting Kernel Information Leaks with Multi-Variant Execution

Author(s): Österlund, Sebastian, Koen Koning, Pierre Olivier, Antonio Barbalace, Herbert Bos, and Cristiano Giuffrida
Published in: 2019
Publisher: Proceedings of the 24th ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2019)

RIDL: Rogue In-Flight Data Load

Author(s): Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Giorgi Maisuradze, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida
Published in: 2019
Publisher: IEEE Symposium on Security and Privacy

Mind Your Own Business: A Longitudinal Study of Threats and Vulnerabilities in Enterprises

Author(s): Platon Kotzias, Leyla Bilge, Pierre-Antoine Vervier, Juan Caballero
Published in: 2019
Publisher: Proceedings of the Network and Distributed System Security Symposium (NDSS 2019)

Tiresias - Predicting Security Events Through Deep Learning

Author(s): Yun Shen, Enrico Mariconti, Pierre Antoine Vervier, Gianluca Stringhini
Published in: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security - CCS '18, 2018, Page(s) 592-605, ISBN 9781-450356930
Publisher: ACM Press
DOI: 10.1145/3243734.3243811

Towards Automated Generation of Exploitation Primitives for Web Browsers

Author(s): Behrad Garmany, Martin Stoffel, Robert Gawlik, Philipp Koppe, Tim Blazytko, Thorsten Holz
Published in: Proceedings of the 34th Annual Computer Security Applications Conference on - ACSAC '18, 2018, Page(s) 300-312, ISBN 9781-450365697
Publisher: ACM Press
DOI: 10.1145/3274694.3274723

Terminal Brain Damage: Exposing the Graceless Degradation in Deep Neural Networks Under Hardware Fault Attacks

Author(s): Sanghyun Hong, Pietro Frigo, Yigitcan Kaya, Cristiano Giuffrida, Tudor Dumitras
Published in: Proceedings of the 28th USENIX Security Symposium, 2019
Publisher: USENIX

No More Chasing Waterfalls: A Measurement Study of the Header Bidding Ad-Ecosystem

Author(s): Michalis Pachilakis, Panagiotis Papadopoulos, Evangelos P. Markatos, Nicolas Kourtellis
Published in: 2019
Publisher: ACM

VPS: Excavating High-Level C++ Constructs from Low-Level Binaries to Protect Dynamic Dispatching

Author(s): Andre Pawlowski, Victor van der Veen, Dennis Andriesse, Erik van der Kouwe, Thorsten Holz, Cristiano Giuffrida, Herbert Bos
Published in: 2019
Publisher: 35th Annual Computer Security Applications Conference (ACSAC'19)

NetCAT: Practical Cache Attacks from the Network

Author(s): Michael Kurth, Ben Gras, Dennis Andriesse, Cristiano Giuffrida, Herbert Bos, Kaveh Razavi
Published in: 2020 IEEE Symposium on Security and Privacy (SP), 2020, Page(s) 20-38, ISBN 978-1-7281-3497-0
Publisher: IEEE
DOI: 10.1109/sp40000.2020.00082

ABSynthe: Automatic Blackbox Side-channel Synthesis on Commodity Microarchitectures

Author(s): Ben Gras, Cristiano Giuffrida, Michael Kurth, Herbert Bos, Kaveh Razavi
Published in: Proceedings 2020 Network and Distributed System Security Symposium, 2020, ISBN 1-891562-61-4
Publisher: Internet Society
DOI: 10.14722/ndss.2020.23018

ParmeSan: Sanitizer-guided Greybox Fuzzing.

Author(s): Sebastian Österlund, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida.
Published in: Proceedings of the 29th USENIX Security Symposium, 2020
Publisher: USENIX Security Symposium

TRRespass: Exploiting the Many Sides of Target Row Refresh.

Author(s): Pietro Frigo, Emanuele Vannacci, Hasan Hassan, Victor van der Veen, Onur Mutlu, Cristiano Giuffrida, Herbert Bos, Kaveh Razavi.
Published in: 2020
Publisher: IEEE Symposium on Security and Privacy (S&P'20)

TagBleed: Breaking KASLR on the Isolated Kernel Address Space using Tagged TLBs

Author(s): Jakob Koschel, Cristiano Giuffrida, Herbert Bos, Kaveh Razavi
Published in: 2020 IEEE European Symposium on Security and Privacy (EuroS&P), 2020, Page(s) 309-321, ISBN 978-1-7281-5087-1
Publisher: IEEE
DOI: 10.1109/eurosp48549.2020.00027

On Using Application-Layer Middlebox Protocols for Peeking Behind NAT Gateways

Author(s): Teemu Rytilahti, Thorsten Holz
Published in: Proceedings 2020 Network and Distributed System Security Symposium, 2020, ISBN 1-891562-61-4
Publisher: Internet Society
DOI: 10.14722/ndss.2020.24389

HYPER-CUBE: High-Dimensional Hypervisor Fuzzing

Author(s): Sergej Schumilo, Cornelius Aschermann, Ali Abbasi, Simon Worner, Thorsten Holz
Published in: Proceedings 2020 Network and Distributed System Security Symposium, 2020, ISBN 1-891562-61-4
Publisher: Internet Society
DOI: 10.14722/ndss.2020.23096

Ijon: Exploring Deep State Spaces via Fuzzing

Author(s): Cornelius Aschermann, Sergej Schumilo, Ali Abbasi, Thorsten Holz
Published in: 2020 IEEE Symposium on Security and Privacy (SP), 2020, Page(s) 1597-1612, ISBN 978-1-7281-3497-0
Publisher: IEEE
DOI: 10.1109/sp40000.2020.00117

Aurora: Statistical Crash Analysis for Automated Root Cause Explanation

Author(s): Tim Blazytko, Moritz Schlögel, Cornelius Aschermann, Ali Abbasi, Joel Frank, Simon Wörner, Thors-ten Holz
Published in: Proceedings of the 29th USENIX Security Symposium. Boston, 2020
Publisher: 29th USENIX Security Symposium

AntiFuzz: Impeding Fuzzing Audits of Binary Executables

Author(s): Emre Güler, Cornelius Aschermann, Ali Abbasi, and Thorsten Holz
Published in: Proceedings of the 28th USENIX Security Symposium, 2019
Publisher: 28th USENIX Security Symposium

SoK: Cyber Insurance – Technical Challenges and a System Security Roadmap

Author(s): Savino Dambra, Leyla Bilge, Davide Balzarotti
Published in: 2020 IEEE Symposium on Security and Privacy (SP), 2020, Page(s) 1367-1383, ISBN 978-1-7281-3497-0
Publisher: IEEE
DOI: 10.1109/sp40000.2020.00019

SecurePay: Strengthening Two-Factor Authentication for Arbitrary Transactions

Author(s): Radhesh Krishnan Konoth, Bjorn Fischer, Wan Fokkink, Elias Athanasopoulos, Kaveh Razavi, Herbert Bos
Published in: 2020 IEEE European Symposium on Security and Privacy (EuroS&P), 2020, Page(s) 569-586, ISBN 978-1-7281-5087-1
Publisher: IEEE
DOI: 10.1109/eurosp48549.2020.00043

NAUTILUS: Fishing for Deep Bugs with Grammars

Author(s): Cornelius Aschermann, Tommaso Frassetto, Thorsten Holz, Patrick Jauernig, Ahmad-Reza Sadeghi, Daniel Teuchert
Published in: Proceedings 2019 Network and Distributed System Security Symposium, 2019, ISBN 1-891562-55-X
Publisher: Internet Society
DOI: 10.14722/ndss.2019.23412

Constantine: Automatic Side-Channel Resistance Using Efficient Control and Data Flow Linearization

Author(s): Pietro Borrello, Daniele Cono D’Elia, Leonardo Querzoni, Cristiano Giuffrida
Published in: Proceedings of the 28th ACM Conference on Computer and Communications Security (CCS), 2021
Publisher: ACM

REAPER - Real-time App Analysis for Augmenting the Android Permission System

Author(s): Michalis Diamantaris, Elias P. Papadopoulos, Evangelos P. Markatos, Sotiris Ioannidis, Jason Polakis
Published in: Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy, 2019, Page(s) 37-48, ISBN 9781450360999
Publisher: ACM
DOI: 10.1145/3292006.3300027

Mind Your Own Business: A Longitudinal Study of Threats and Vulnerabilities in Enterprises

Author(s): Platon Kotzias, Leyla Bilge, Pierre-Antoine Vervier, Juan Caballero
Published in: Proceedings 2019 Network and Distributed System Security Symposium, 2019, ISBN 1-891562-55-X
Publisher: Internet Society
DOI: 10.14722/ndss.2019.23522

FIRestarter: Practical Software Crash Recoverywith Targeted Library-level Fault Injection

Author(s): Koustubha Bhat, Erik van der Kouwe, Herbert Bos, Cristiano Giuffrida
Published in: Proceedings of the 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2021
Publisher: DSN

auth.js: Advanced Authentication for the Web.

Author(s): Neophytos Christou, Elias Athanasopoulos.
Published in: Proceedings of the 3rd International Workshop on Emerging Technologies for Authorization and Authentication, 2020
Publisher: 3rd International Workshop on Emerging Technologies for Authorization and Authentication (co-located with ESORICS)

REDQUEEN: Fuzzing with Input-to-State Correspondence

Author(s): Cornelius Aschermann, Sergej Schumilo, Tim Blazytko, Robert Gawlik, Thorsten Holz
Published in: Proceedings 2019 Network and Distributed System Security Symposium, 2019, ISBN 1-891562-55-X
Publisher: Internet Society
DOI: 10.14722/ndss.2019.23371

CrossTalk: Speculative Data Leaks Across Cores Are Real

Author(s): Hany Ragab, Alyssa Milburn, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida
Published in: Proceedings of the 42nd IEEE Symposium on Security & Privacy (S&P 2021), 2021
Publisher: 42nd IEEE Symposium on Security & Privacy (S&P 2021)

Benchmarking Flaws Undermine Security Research

Author(s): Erik van der Kouwe, Gernot Heiser, Dennis Andriesse, Herbert Bos, Cristiano Giuffrida
Published in: IEEE Security & Privacy, 18/3, 2020, Page(s) 48-57, ISSN 1540-7993
Publisher: IEEE Computer Society
DOI: 10.1109/msec.2020.2969862

Exploiting Mixed Binaries

Author(s): Michalis Papaevripides, Elias Athanasopoulos
Published in: ACM Transactions on Privacy and Security, 24/2, 2021, Page(s) 1-29, ISSN 2471-2566
Publisher: ACM Transactions on Privacy and Security
DOI: 10.1145/3418898

SoK: Machine vs. machine – A systematic classification of automated machine learning-based CAPTCHA solvers

Author(s): Antreas Dionysiou, Elias Athanasopoulos
Published in: Computers & Security, 97, 2020, Page(s) 101947, ISSN 0167-4048
Publisher: Pergamon Press Ltd.
DOI: 10.1016/j.cose.2020.101947

Practical Password Hardening Based on TLS

Author(s): Constantinos Diomedous, Elias Athanasopoulos
Published in: Detection of Intrusions and Malware, and Vulnerability Assessment - 16th International Conference, DIMVA 2019, Gothenburg, Sweden, June 19–20, 2019, Proceedings, 11543, 2019, Page(s) 441-460, ISBN 978-3-030-22037-2
Publisher: Springer International Publishing
DOI: 10.1007/978-3-030-22038-9_21

Defeating Software Mitigations Against Rowhammer: A Surgical Precision Hammer

Author(s): Andrei Tatar, Cristiano Giuffrida, Herbert Bos, Kaveh Razavi
Published in: Research in Attacks, Intrusions, and Defenses - 21st International Symposium, RAID 2018, Heraklion, Crete, Greece, September 10-12, 2018, Proceedings, 11050, 2018, Page(s) 47-66, ISBN 978-3-030-00469-9
Publisher: Springer International Publishing
DOI: 10.1007/978-3-030-00470-5_3

Truth in Web Mining: Measuring the Profitability and the Imposed Overheads of Cryptojacking

Author(s): Panagiotis Papadopoulos, Panagiotis Ilia, Evangelos Markatos
Published in: Information Security - 22nd International Conference, ISC 2019, New York City, NY, USA, September 16–18, 2019, Proceedings, 11723, 2019, Page(s) 277-296, ISBN 978-3-030-30214-6
Publisher: Springer International Publishing
DOI: 10.1007/978-3-030-30215-3_14