Skip to main content

REactively Defending against Advanced Cybersecurity Threats

Deliverables

Threat Model

A document listing all the relevant threat models for ReAct.

Initial Dissemination Plan

This is the plan for the Dissemination and Communication Actions of the project. Input by T7.1 and T7.2.

Technology Requirements

A document listing all the primary technological requirements for implementing the needed techniques of ReAct.

Website and collaboration tools

The web site, along with the social network accounts will be the main dissemination mechanism of the project in cyberspace. For internal communication and collaboration, the partners will use the cloud (own-cloud/git or similar) and associated telecon/chat tools. Input by T7.1.

Searching for OpenAIRE data...

Publications

SoK: Make JIT-Spray Great Again

Author(s): Robert Gawlik, Thorsten Holz
Published in: Proceedings of the 12th USENIX Workshop on Offensive Technologies (WOOT 18), 2018

Malicious Management Unit: Why Stopping Cache Attacks in Software is Harder Than You Think

Author(s): tephan van Schaik, Cristiano Giuffrida, Herbert Bos, Kaveh Razavi
Published in: 2018

Translation Leak-aside Buffer: Defeating Cache Side-channel Protections with TLB Attacks

Author(s): Ben Gras, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida
Published in: 2018

Master of Web Puppets: Abusing Web Browsers for Persistent and Stealthy Computation

Author(s): Panagiotis Papadopoulos, Panagiotis Ilia, Michalis Polychronakis, Evangelos Markatos, Sotiris Ioannidis, Giorgos Vasiliadis
Published in: 2019

ZebRAM: Comprehensive and Compatible Software Protection Against Rowhammer Attacks

Author(s): Radhesh Krishnan Konoth, Marco Oliverio, Andrei Tatar, Dennis Andriesse, Herbert Bos, Cristiano Giuffrida, Kaveh Razavi
Published in: 2018

TIFF - Using Input Type Inference To Improve Fuzzing

Author(s): Vivek Jain, Sanjay Rawat, Cristiano Giuffrida, Herbert Bos
Published in: Proceedings of the 34th Annual Computer Security Applications Conference on - ACSAC '18, 2018, Page(s) 505-517
DOI: 10.1145/3274694.3274746

Type-After-Type - Practical and Complete Type-Safe Memory Reuse

Author(s): Erik van der Kouwe, Taddeus Kroes, Chris Ouwehand, Herbert Bos, Cristiano Giuffrida
Published in: Proceedings of the 34th Annual Computer Security Applications Conference on - ACSAC '18, 2018, Page(s) 17-27
DOI: 10.1145/3274694.3274705

REDQUEEN: Fuzzing with Input-to-State Correspondence

Author(s): Cornelius Aschermann, Sergej Schumilo, Tim Blazytko, Robert Gawlik, Thorsten Holz
Published in: 2019

NAUTILUS: Fishing for Deep Bugs with Grammars

Author(s): Cornelius Aschermann, Tommaso Frassetto, Thorsten Holz, Patrick Jauernig, Ahmad-Reza Sadeghi, Daniel Teuchert
Published in: Network and Distributed System Security Symposium (NDSS 2019), 2019

Exploiting Correcting Codes: On the Effectiveness of ECC Memory Against Rowhammer Attacks

Author(s): Lucian Cojocar, Kaveh Razavi, Cristiano Giuffrida, Herbert Bos
Published in: 2019

REAPER: Real-time App Analysis for Augmenting the Android Permission System

Author(s): Michalis Diamantaris, Elias P. Papadopoulos, Evangelos P. Markatos, Sotiris Ioannidis, Jason Polakis
Published in: Proceedings of the 9th ACM Conference on Data and Application Security and Privacy (ACM CODASPY), 2019

Cookie synchronization: Everything you always wanted to know but were afraid to ask

Author(s): Panagiotis Papadopoulos, Nicolas Kourtellis, Evangelos P. Markatos
Published in: 2019

ProbeGuard: Mitigating Probing Attacks Through Reactive Program Transformations

Author(s): Koustubha Bhat, Erik van der Kouwe, Herbert Bos, Cristiano Giuffrida
Published in: 2019

Practical Password Hardening based on TLS

Author(s): Constantinos Diomedous, Elias Athanasopoulos
Published in: 2019

SoK: Benchmarking Flaws in Systems Security

Author(s): Kouwe, Erik van der, Gernot Heiser, Dennis Andriesse, Herbert Bos, and Cristiano Giuffrida
Published in: 2019

KMVX: Detecting Kernel Information Leaks with Multi-Variant Execution

Author(s): Österlund, Sebastian, Koen Koning, Pierre Olivier, Antonio Barbalace, Herbert Bos, and Cristiano Giuffrida
Published in: 2019

RIDL: Rogue In-Flight Data Load

Author(s): Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Giorgi Maisuradze, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida
Published in: 2019

Mind Your Own Business: A Longitudinal Study of Threats and Vulnerabilities in Enterprises

Author(s): Platon Kotzias, Leyla Bilge, Pierre-Antoine Vervier, Juan Caballero
Published in: 2019

Tiresias - Predicting Security Events Through Deep Learning

Author(s): Yun Shen, Enrico Mariconti, Pierre Antoine Vervier, Gianluca Stringhini
Published in: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security - CCS '18, 2018, Page(s) 592-605
DOI: 10.1145/3243734.3243811

Towards Automated Generation of Exploitation Primitives for Web Browsers

Author(s): Behrad Garmany, Martin Stoffel, Robert Gawlik, Philipp Koppe, Tim Blazytko, Thorsten Holz
Published in: Proceedings of the 34th Annual Computer Security Applications Conference on - ACSAC '18, 2018, Page(s) 300-312
DOI: 10.1145/3274694.3274723

Truth in Web Mining: Measuring the Profitability and the Imposed Overheads of Cryptojacking

Author(s): Panagiotis Papadopoulos, Panagiotis Ilia, Evangelos Markatos
Published in: 2019

Terminal Brain Damage: Exposing the Graceless Degradation in Deep Neural Networks Under Hardware Fault Attacks

Author(s): Sanghyun Hong, Pietro Frigo, Yigitcan Kaya, Cristiano Giuffrida, Tudor Dumitras
Published in: 2019

No More Chasing Waterfalls: A Measurement Study of the Header Bidding Ad-Ecosystem

Author(s): Michalis Pachilakis, Panagiotis Papadopoulos, Evangelos P. Markatos, Nicolas Kourtellis
Published in: 2019

VPS: Excavating High-Level C++ Constructs from Low-Level Binaries to Protect Dynamic Dispatching

Author(s): Andre Pawlowski, Victor van der Veen, Dennis Andriesse, Erik van der Kouwe, Thorsten Holz, Cristiano Giuffrida, Herbert Bos
Published in: 2019

NetCAT: Practical Cache Attacks from the Network

Author(s): Michael Kurth, Ben Gras, Dennis Andriesse, Cristiano Giuffrida, Herbert Bos, Kaveh Razavi
Published in: 2020

ABSynthe: Automatic Blackbox Side-channel Synthesis on Commodity Microarchitectures

Author(s): Ben Gras, Cristiano Giuffrida, Michael Kurth, Herbert Bos, Kaveh Razavi
Published in: 2020

ParmeSan: Sanitizer-guided Greybox Fuzzing.

Author(s): Sebastian Österlund, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida.
Published in: 2020

TRRespass: Exploiting the Many Sides of Target Row Refresh.

Author(s): Pietro Frigo, Emanuele Vannacci, Hasan Hassan, Victor van der Veen, Onur Mutlu, Cristiano Giuffrida, Herbert Bos, Kaveh Razavi.
Published in: 2020

TagBleed: Breaking KASLR on the Isolated Kernel Address Space Using Tagged TLB

Author(s): Jakob Koschel, Cristiano Giuffrida, Herbert Bos, Kaveh Razavi
Published in: 2020

On Using Application-Layer Middlebox Protocols for Peeking Behind NAT Gateways

Author(s): Teemu Rytilahti, Thorsten Holz
Published in: Proceedings 2020 Network and Distributed System Security Symposium, 2020
DOI: 10.14722/ndss.2020.24389

HYPER-CUBE: High-Dimensional Hypervisor Fuzzing

Author(s): Sergej Schumilo, Cornelius Aschermann, Ali Abbasi, Simon Wör-ner, Thorsten Holz
Published in: 2020

IJON: Exploring Deep State Spaces via Fuzzing

Author(s): Cornelius Aschermann, Sergej Schumilo, Ali Abbasi, Thorsten Holz
Published in: 2020

Aurora: Statistical Crash Analysis for Automated Root Cause Explanation

Author(s): Tim Blazytko, Moritz Schlögel, Cornelius Aschermann, Ali Abbasi, Joel Frank, Simon Wörner, Thors-ten Holz
Published in: 2020

AntiFuzz: Impeding Fuzzing Audits of Binary Executables

Author(s): Emre Güler, Cornelius Aschermann, Ali Abbasi, and Thorsten Holz
Published in: 2019

SoK: Cyber Insurance - Technical Challenges and a System Security Roadmap

Author(s): Savino Dambra, Leyla Bilge, Davide Balzarotti
Published in: 2020

Defeating Software Mitigations Against Rowhammer: A Surgical Precision Hammer

Author(s): Andrei Tatar, Cristiano Giuffrida, Herbert Bos, Kaveh Razavi
Published in: Research in Attacks, Intrusions, and Defenses - 21st International Symposium, RAID 2018, Heraklion, Crete, Greece, September 10-12, 2018, Proceedings, Issue 11050, 2018, Page(s) 47-66
DOI: 10.1007/978-3-030-00470-5_3