BibBase https://api.zotero.org/groups/516927/items?key=WUQ7qUZtQwBRWImCcLiBlYuS&order=date&sort=desc&format=bibtex&limit=100

generated by

Group by
- Year
- Author
- Type
- Keyword
- Downloads

2024 (9)

InSpectre Gadget: Inspecting the Residual Attack Surface of Cross-privilege Spectre v2. Wiebing, S.; de Faveri Tron, A.; Bos, H.; and Giuffrida, C. In USENIX Security, August 2024.

InSpectre Gadget: Inspecting the Residual Attack Surface of Cross-privilege Spectre v2 [pdf]

Paper

InSpectre Gadget: Inspecting the Residual Attack Surface of Cross-privilege Spectre v2 [link]

Web

Code link bibtex 98 downloads

@inproceedings{wiebing_inspectre_2024,
	title = {{InSpectre} {Gadget}: {Inspecting} the {Residual} {Attack} {Surface} of {Cross}-privilege {Spectre} v2},
	url = {Paper=https://download.vusec.net/papers/inspectre_sec24.pdf Web=https://vusec.net/projects/native-bhi Code=https://github.com/vusec/inspectre-gadget},
	booktitle = {{USENIX} {Security}},
	author = {Wiebing, Sander and de Faveri Tron, Alvise and Bos, Herbert and Giuffrida, Cristiano},
	month = aug,
	year = {2024},
	keywords = {class\_sidechannels, proj\_allocamelus, proj\_intersect, proj\_rescale, type\_ae, type\_conf, type\_cve\_assigned, type\_paper, type\_tier1, type\_top},
}

Practical Data-Only Attack Generation. Johannesmeyer, B.; Slowinska, A.; Bos, H.; and Giuffrida, C. In USENIX Security, August 2024.

Practical Data-Only Attack Generation [pdf]

Paper

Practical Data-Only Attack Generation [link]

Code link bibtex 48 downloads

@inproceedings{johannesmeyer_practical_2024,
	title = {Practical {Data}-{Only} {Attack} {Generation}},
	url = {Paper=https://download.vusec.net/papers/einstein_sec24.pdf Code=https://github.com/vusec/einstein},
	booktitle = {{USENIX} {Security}},
	author = {Johannesmeyer, Brian and Slowinska, Asia and Bos, Herbert and Giuffrida, Cristiano},
	month = aug,
	year = {2024},
	keywords = {class\_binary, proj\_intersect, proj\_theseus, type\_ae, type\_conf, type\_paper, type\_tier1, type\_top},
}

GhostRace: Exploiting and Mitigating Speculative Race Conditions. Ragab, H.; Mambretti, A.; Kurmus, A.; and Giuffrida, C. In USENIX Security, August 2024.

GhostRace: Exploiting and Mitigating Speculative Race Conditions [pdf]

Paper

GhostRace: Exploiting and Mitigating Speculative Race Conditions [link]

Web

Code link bibtex 345 downloads

@inproceedings{ragab_ghostrace_2024,
	title = {{GhostRace}: {Exploiting} and {Mitigating} {Speculative} {Race} {Conditions}},
	url = {Paper=https://download.vusec.net/papers/ghostrace_sec24.pdf Web=https://www.vusec.net/projects/ghostrace Code=https://github.com/vusec/ghostrace},
	booktitle = {{USENIX} {Security}},
	author = {Ragab, Hany and Mambretti, Andrea and Kurmus, Anil and Giuffrida, Cristiano},
	month = aug,
	year = {2024},
	keywords = {class\_sidechannels, proj\_allocamelus, proj\_intersect, proj\_rescale, type\_conf, type\_cve\_assigned, type\_paper, type\_tier1, type\_top},
}

SafeFetch: Practical Double-Fetch Protection with Kernel-Fetch Caching. Duta, V.; Aloserij, M.; and Giuffrida, C. In USENIX Security, August 2024.
link bibtex

@inproceedings{duta_safefetch_2024,
	title = {{SafeFetch}: {Practical} {Double}-{Fetch} {Protection} with {Kernel}-{Fetch} {Caching}},
	booktitle = {{USENIX} {Security}},
	author = {Duta, Victor and Aloserij, Mitchel and Giuffrida, Cristiano},
	month = aug,
	year = {2024},
	keywords = {class\_sanitizer, proj\_allocamelus, proj\_intersect, proj\_rescale, proj\_theseus, type\_ae, type\_conf, type\_paper, type\_tier1, type\_top},
}

Sticky Tags: Efficient and Deterministic Spatial Memory Error Mitigation using Persistent Memory Tags. Gorter, F.; Kroes, T.; Bos, H.; and Giuffrida, C. In S&P, May 2024.
link bibtex

@inproceedings{gorter_sticky_2024,
	title = {Sticky {Tags}: {Efficient} and {Deterministic} {Spatial} {Memory} {Error} {Mitigation} using {Persistent} {Memory} {Tags}},
	booktitle = {S\&{P}},
	author = {Gorter, Floris and Kroes, Taddeus and Bos, Herbert and Giuffrida, Cristiano},
	month = may,
	year = {2024},
	keywords = {class\_sanitizer, proj\_allocamelus, proj\_intersect, proj\_rescale, proj\_theseus, type\_conf, type\_paper, type\_tier1, type\_top},
}

Leaky Address Masking: Exploiting Unmasked Spectre Gadgets with Noncanonical Address Translation. Hertogh, M.; Wiebing, S.; and Giuffrida, C. In S&P, May 2024.

Leaky Address Masking: Exploiting Unmasked Spectre Gadgets with Noncanonical Address Translation [pdf]

Paper

Leaky Address Masking: Exploiting Unmasked Spectre Gadgets with Noncanonical Address Translation [link]

Web

Code link bibtex 356 downloads

@inproceedings{hertogh_leaky_2024,
	title = {Leaky {Address} {Masking}: {Exploiting} {Unmasked} {Spectre} {Gadgets} with {Noncanonical} {Address} {Translation}},
	url = {Paper=https://download.vusec.net/papers/slam_sp24.pdf Web=https://www.vusec.net/projects/slam Code=https://github.com/vusec/slam},
	booktitle = {S\&{P}},
	author = {Hertogh, Mathé and Wiebing, Sander and Giuffrida, Cristiano},
	month = may,
	year = {2024},
	keywords = {class\_sidechannels, proj\_allocamelus, proj\_intersect, proj\_rescale, type\_conf, type\_paper, type\_tier1, type\_top},
}

Native BHI Vulnerability. Wiebing, S.; de Faveri Tron, A.; Bos, H.; and Giuffrida, C. April 2024. Affected vendors: Intel, Linux, Other SW Vendors

Web

CVE-2024-2201 link bibtex 1 download

@misc{wiebing_native_2024,
	title = {Native {BHI} {Vulnerability}},
	url = {Web=https://www.vusec.net/projects/native-bhi CVE-2024-2201=https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201},
	author = {Wiebing, Sander and de Faveri Tron, Alvise and Bos, Herbert and Giuffrida, Cristiano},
	month = apr,
	year = {2024},
	note = {Affected vendors: Intel, Linux, Other SW Vendors},
	keywords = {type\_cve},
}

GhostRace Vulnerability. Ragab, H.; Mambretti, A.; Kurmus, A.; and Giuffrida, C. March 2024. Affected vendors: All Major HW Vendors, Linux, Other SW Vendors

Web

CVE-2024-2193

CVE-2024-26602 (Linux) link bibtex

@misc{ragab_ghostrace_2024-1,
	title = {{GhostRace} {Vulnerability}},
	url = {Web=https://www.vusec.net/projects/ghostrace CVE-2024-2193=https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2193 CVE-2024-26602_(Linux)=https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26602},
	author = {Ragab, Hany and Mambretti, Andrea and Kurmus, Anil and Giuffrida, Cristiano},
	month = mar,
	year = {2024},
	note = {Affected vendors: All Major HW Vendors, Linux, Other SW Vendors},
	keywords = {type\_cve},
}

Predictive Context-sensitive Fuzzing. Borrello, P.; Fioraldi, A.; D'Elia, D. C.; Balzarotti, D.; Querzoni, L.; and Giuffrida, C. In NDSS, February 2024.

Predictive Context-sensitive Fuzzing [pdf]

Paper

Predictive Context-sensitive Fuzzing [link]

Code link bibtex 43 downloads

@inproceedings{borrello_predictive_2024,
	title = {Predictive {Context}-sensitive {Fuzzing}},
	url = {Paper=https://download.vusec.net/papers/pcsfuzzing_ndss24.pdf Code=https://github.com/eurecom-s3/predictive-cs-fuzzing},
	booktitle = {{NDSS}},
	author = {Borrello, Pietro and Fioraldi, Andrea and D'Elia, Daniele Cono and Balzarotti, Davide and Querzoni, Leonardo and Giuffrida, Cristiano},
	month = feb,
	year = {2024},
	keywords = {class\_testing, proj\_intersect, proj\_memo, proj\_rescale, type\_conf, type\_paper, type\_tier1, type\_top},
}

2023 (19)

Exploiting Hardware from Software: An Attack Surface Analysis. Frigo, P. Ph.D. Thesis, VU Amsterdam, December 2023.

Exploiting Hardware from Software: An Attack Surface Analysis [pdf]

Paper link bibtex

@phdthesis{frigo_exploiting_2023,
	type = {{PhD} {Thesis}},
	title = {Exploiting {Hardware} from {Software}: {An} {Attack} {Surface} {Analysis}},
	url = {https://research.vu.nl/files/277248833/thesisweb%20-%206554e4b138aea.pdf},
	school = {VU Amsterdam},
	author = {Frigo, Pietro},
	month = dec,
	year = {2023},
	keywords = {class\_sidechannels, type\_thesis},
}

Triereme: Speeding up Hybrid Fuzzing through Efficient Query Scheduling. Geretto, E.; Hohnerlein, J.; Giuffrida, C.; Bos, H.; Van Der Kouwe, E.; and von Gleissenthall, K. In ACSAC, December 2023.

Triereme: Speeding up Hybrid Fuzzing through Efficient Query Scheduling [pdf]

Paper

Triereme: Speeding up Hybrid Fuzzing through Efficient Query Scheduling [link]

Code link bibtex 21 downloads Artifact Evaluation Badges: Results Reproduced

@inproceedings{geretto_triereme_2023,
	title = {Triereme: {Speeding} up {Hybrid} {Fuzzing} through {Efficient} {Query} {Scheduling}},
	url = {Paper=https://download.vusec.net/papers/triereme_acsac23.pdf Code=https://github.com/vusec/triereme},
	booktitle = {{ACSAC}},
	author = {Geretto, Elia and Hohnerlein, Julius and Giuffrida, Cristiano and Bos, Herbert and Van Der Kouwe, Erik and von Gleissenthall, Klaus},
	month = dec,
	year = {2023},
	keywords = {artifacts:reproduced, artifacts:reusable, class\_testing, proj\_intersect, proj\_memo, type\_ae, type\_conf, type\_paper, type\_top},
}

FloatZone: How Floating Point Additions can Detect Memory Errors. Gorter, F.; Barberis, E.; Isemann, R.; van der Kouwe, E.; Giuffrida, C.; and Bos, H. ;login:. November 2023.

FloatZone: How Floating Point Additions can Detect Memory Errors [link]

Paper link bibtex 18 downloads

@article{gorter_floatzone_2023,
	title = {{FloatZone}: {How} {Floating} {Point} {Additions} can {Detect} {Memory} {Errors}},
	url = {https://www.usenix.org/publications/loginonline/floatzone-how-floating-point-additions-can-detect-memory-errors},
	journal = {;login:},
	author = {Gorter, Floris and Barberis, Enrico and Isemann, Raphael and van der Kouwe, Erik and Giuffrida, Cristiano and Bos, Herbert},
	month = nov,
	year = {2023},
	keywords = {class\_sanitizer, proj\_allocamelus, proj\_intersect, proj\_memo, proj\_theseus, proj\_tropics, type\_mag, type\_paper},
}

Quarantine: Mitigating Transient Execution Attacks with Physical Domain Isolation. Hertogh, M.; Wiesinger, M.; Österlund, S.; Muench, M.; Amit, N.; Bos, H.; and Giuffrida, C. In RAID, October 2023.

Quarantine: Mitigating Transient Execution Attacks with Physical Domain Isolation [pdf]

Paper

Quarantine: Mitigating Transient Execution Attacks with Physical Domain Isolation [link]

Code link bibtex 52 downloads

@inproceedings{hertogh_quarantine_2023,
	title = {Quarantine: {Mitigating} {Transient} {Execution} {Attacks} with {Physical} {Domain} {Isolation}},
	url = {Paper=https://download.vusec.net/papers/quarantine_raid23.pdf Code=https://github.com/vusec/quarantine},
	booktitle = {{RAID}},
	author = {Hertogh, Mathé and Wiesinger, Manuel and Österlund, Sebastian and Muench, Marius and Amit, Nadav and Bos, Herbert and Giuffrida, Cristiano},
	month = oct,
	year = {2023},
	keywords = {class\_sidechannels, proj\_allocamelus, proj\_intersect, proj\_vmware, type\_conf, type\_paper, type\_top},
}

Speculation at Fault: Modeling and Testing Microarchitectural Leakage of CPU Exceptions. Hofmann, J.; Vannacci, E.; Fournet, C.; Köpf, B.; and Oleksenko, O. In USENIX Security, August 2023.

Speculation at Fault: Modeling and Testing Microarchitectural Leakage of CPU Exceptions [pdf]

Paper link bibtex 23 downloads Artifact Evaluation Badges: Artifacts Available

@inproceedings{hofmann_speculation_2023,
	title = {Speculation at {Fault}: {Modeling} and {Testing} {Microarchitectural} {Leakage} of {CPU} {Exceptions}},
	url = {Paper=https://www.usenix.org/system/files/usenixsecurity23-hofmann.pdf},
	booktitle = {{USENIX} {Security}},
	author = {Hofmann, Jana and Vannacci, Emanuele and Fournet, Cedric and Köpf, Boris and Oleksenko, Oleksii},
	month = aug,
	year = {2023},
	keywords = {artifacts:available, artifacts:functional, artifacts:reproduced, class\_sidechannels, proj\_intersect, type\_ae, type\_conf, type\_paper, type\_tier1, type\_top},
}

FloatZone: Accelerating Memory Error Detection using the Floating Point Unit. Gorter, F.; Barberis, E.; Isemann, R.; van der Kouwe, E.; Giuffrida, C.; and Bos, H. In USENIX Security, August 2023.

FloatZone: Accelerating Memory Error Detection using the Floating Point Unit [pdf]

Paper

FloatZone: Accelerating Memory Error Detection using the Floating Point Unit [link]

Code link bibtex 339 downloads Artifact Evaluation Badges: Artifacts Available

@inproceedings{gorter_floatzone_2023-1,
	title = {{FloatZone}: {Accelerating} {Memory} {Error} {Detection} using the {Floating} {Point} {Unit}},
	url = {Paper=https://download.vusec.net/papers/floatzone_sec23.pdf Code=https://github.com/vusec/floatzone},
	booktitle = {{USENIX} {Security}},
	author = {Gorter, Floris and Barberis, Enrico and Isemann, Raphael and van der Kouwe, Erik and Giuffrida, Cristiano and Bos, Herbert},
	month = aug,
	year = {2023},
	keywords = {artifacts:available, artifacts:functional, artifacts:reproduced, class\_sanitizer, proj\_allocamelus, proj\_intersect, proj\_memo, proj\_theseus, proj\_tropics, type\_ae, type\_conf, type\_paper, type\_tier1, type\_top},
}

Uncontained: Uncovering Container Confusion in the Linux Kernel. Koschel, J.; Borrello, P.; D'Elia, D. C.; Bos, H.; and Giuffrida, C. In USENIX Security, August 2023. Distinguished Artifact Award, Pwnie Award Nomination for Best Privilege Escalation

Uncontained: Uncovering Container Confusion in the Linux Kernel [pdf]

Paper

Uncontained: Uncovering Container Confusion in the Linux Kernel [link]

Web

Code link bibtex 207 downloads Artifact Evaluation Badges: Artifacts Available

@inproceedings{koschel_uncontained_2023,
	title = {Uncontained: {Uncovering} {Container} {Confusion} in the {Linux} {Kernel}},
	url = {Paper=https://download.vusec.net/papers/uncontained_sec23.pdf Web=https://vusec.net/projects/uncontained Code=https://github.com/vusec/uncontained},
	booktitle = {{USENIX} {Security}},
	author = {Koschel, Jakob and Borrello, Pietro and D'Elia, Daniele Cono and Bos, Herbert and Giuffrida, Cristiano},
	month = aug,
	year = {2023},
	note = {Distinguished Artifact Award, Pwnie Award Nomination for Best Privilege Escalation},
	keywords = {artifacts:available, artifacts:functional, artifacts:reproduced, class\_sanitizer, proj\_allocamelus, proj\_intersect, proj\_memo, proj\_theseus, proj\_tropics, research\_uncontained, type\_ae, type\_award, type\_conf, type\_paper, type\_tier1, type\_top, type\_uncontained},
}

Uncontained Vulnerabilities. Koschel, J.; Borrello, P.; D'Elia, D. C.; Bos, H.; and Giuffrida, C. June 2023. Affected Vendors: Linux

Web

CVE-2023-1073

CVE-2023-1074

CVE-2023-1075

CVE-2023-1076

CVE-2023-1077

CVE-2023-1078

CVE-2023-1079

CVE-2023-25012 link bibtex 202 downloads

@misc{koschel_uncontained_2023-1,
	title = {Uncontained {Vulnerabilities}},
	url = {Web=https://vusec.net/projects/uncontained CVE-2023-1073=https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1073 CVE-2023-1074=https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1074 CVE-2023-1075=https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1075 CVE-2023-1076=https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1076 CVE-2023-1077=https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1077 CVE-2023-1078=https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1078 CVE-2023-1079=https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1079 CVE-2023-25012=https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25012},
	author = {Koschel, Jakob and Borrello, Pietro and D'Elia, Daniele Cono and Bos, Herbert and Giuffrida, Cristiano},
	month = jun,
	year = {2023},
	note = {Affected Vendors: Linux},
	keywords = {research\_uncontained, type\_cve},
}

Don't Look UB: Exposing Sanitizer-Eliding Compiler Optimizations. Isemann, R.; Giuffrida, C.; Bos, H.; Van Der Kouwe, E.; and von Gleissenthall, K. In PLDI, June 2023.

Don't Look UB: Exposing Sanitizer-Eliding Compiler Optimizations [pdf]

Paper

Don't Look UB: Exposing Sanitizer-Eliding Compiler Optimizations [link]

Code link bibtex 72 downloads Artifact Evaluation Badges: Artifacts Reusable

@inproceedings{isemann_dont_2023,
	title = {Don't {Look} {UB}: {Exposing} {Sanitizer}-{Eliding} {Compiler} {Optimizations}},
	url = {Paper=https://download.vusec.net/papers/dontlookub_pldi23.pdf Code=https://github.com/vusec/LookUB},
	booktitle = {{PLDI}},
	author = {Isemann, Raphael and Giuffrida, Cristiano and Bos, Herbert and Van Der Kouwe, Erik and von Gleissenthall, Klaus},
	month = jun,
	year = {2023},
	keywords = {artifacts:reusable, class\_sanitizer, proj\_allocamelus, proj\_intersect, proj\_memo, proj\_theseus, type\_ae, type\_conf, type\_paper, type\_tier1, type\_top},
}

Enviral: Fuzzing the Environment for Evasive Malware Analysis. Gorter, F.; Giuffrida, C.; and van der Kouwe, E. In EuroSec, April 2023.

Enviral: Fuzzing the Environment for Evasive Malware Analysis [pdf]

Paper link bibtex 53 downloads

@inproceedings{gorter_enviral_2023,
	title = {Enviral: {Fuzzing} the {Environment} for {Evasive} {Malware} {Analysis}},
	url = {Paper=https://download.vusec.net/papers/enviral_eurosec23.pdf},
	booktitle = {{EuroSec}},
	author = {Gorter, Floris and Giuffrida, Cristiano and van der Kouwe, Erik},
	month = apr,
	year = {2023},
	keywords = {class\_malware, proj\_intersect, proj\_memo, proj\_theseus, proj\_tropics, type\_mscthesis, type\_paper, type\_workshop},
}

Copy-on-Flip: Hardening ECC Memory Against Rowhammer Attacks. Di Dio, A.; Koning, K.; Bos, H.; and Giuffrida, C. In NDSS, February 2023.

Copy-on-Flip: Hardening ECC Memory Against Rowhammer Attacks [pdf]

Paper

Copy-on-Flip: Hardening ECC Memory Against Rowhammer Attacks [link]

Code link bibtex 88 downloads

@inproceedings{di_dio_copy--flip_2023,
	title = {Copy-on-{Flip}: {Hardening} {ECC} {Memory} {Against} {Rowhammer} {Attacks}},
	url = {Paper=https://download.vusec.net/papers/cof_ndss23.pdf Code=https://github.com/vusec/Copy-on-Flip},
	booktitle = {{NDSS}},
	author = {Di Dio, Andrea and Koning, Koen and Bos, Herbert and Giuffrida, Cristiano},
	month = feb,
	year = {2023},
	keywords = {class\_rowhammer, proj\_intersect, proj\_offcore, proj\_theseus, type\_conf, type\_mscthesis, type\_paper, type\_tier1, type\_top},
}

Let Me Unwind That For You: Exceptions to Backward-Edge Protection. Duta, V.; Freyer, F.; Pagani, F.; Muench, M.; and Giuffrida, C. In NDSS, February 2023. Intel Bounty Reward

Let Me Unwind That For You: Exceptions to Backward-Edge Protection [pdf]

Paper

Let Me Unwind That For You: Exceptions to Backward-Edge Protection [link]

Code link bibtex 100 downloads

@inproceedings{duta_let_2023,
	title = {Let {Me} {Unwind} {That} {For} {You}: {Exceptions} to {Backward}-{Edge} {Protection}},
	url = {Paper=https://download.vusec.net/papers/chop_ndss23.pdf Code=https://github.com/chop-project/chop},
	booktitle = {{NDSS}},
	author = {Duta, Victor and Freyer, Fabian and Pagani, Fabio and Muench, Marius and Giuffrida, Cristiano},
	month = feb,
	year = {2023},
	note = {Intel Bounty Reward},
	keywords = {class\_binary, proj\_intersect, proj\_memo, proj\_offcore, proj\_theseus, proj\_tropics, type\_award, type\_bounty, type\_conf, type\_cve\_assigned, type\_paper, type\_tier1, type\_top},
}

CHOP Vulnerability. Duta, V.; Freyer, F.; Pagani, F.; Muench, M.; and Giuffrida, C. January 2023. Affected vendors: Intel

CVE-2022-40196 (Intel) link bibtex

@misc{duta_chop_2023,
	title = {{CHOP} {Vulnerability}},
	url = {CVE-2022-40196_(Intel)=https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40196},
	author = {Duta, Victor and Freyer, Fabian and Pagani, Fabio and Muench, Marius and Giuffrida, Cristiano},
	month = jan,
	year = {2023},
	note = {Affected vendors: Intel},
	keywords = {type\_cve},
}

P6: Prioritization for Prompt Patching of Programs with Pernicious Problems. 2023. NWO (6 Years)

P6: Prioritization for Prompt Patching of Programs with Pernicious Problems [link]

Web link bibtex 9 downloads

@misc{noauthor_p6_2023,
	title = {P6: {Prioritization} for {Prompt} {Patching} of {Programs} with {Pernicious} {Problems}},
	url = {Web=https://www.vusec.net/publications/?bib=proj_p6},
	year = {2023},
	note = {NWO (6 Years)},
	keywords = {type\_grant, type\_nwo},
}

Specification and Verification of Side-channel Security for Open-source Processors via Leakage Contracts. Wang, Z.; Mohr, G.; von Gleissenthall, K.; Reineke, J.; and Guarnieri, M. In CCS, 2023. Distinguished Paper Award

Specification and Verification of Side-channel Security for Open-source Processors via Leakage Contracts [pdf]

Paper link bibtex abstract 8 downloads

@inproceedings{wang_specification_2023,
	title = {Specification and {Verification} of {Side}-channel {Security} for {Open}-source {Processors} via {Leakage} {Contracts}},
	url = {https://gleissen.github.io/papers/ccs2023.pdf},
	abstract = {Leakage contracts have recently been proposed as a new security abstraction at the Instruction Set Architecture (ISA) level. Such contracts aim to faithfully capture the information processors may leak through side effects of their microarchitectural implementations. However, so far, we lack a verification methodology to check that a processor actually satisfies a given leakage contract. In this paper, we address this problem by developing LeaVe, the first tool for verifying register-transfer-level (RTL) processor designs against ISA-level leakage contracts. To this end, we introduce a decoupling theorem that separates security and functional correctness concerns when verifying contract satisfaction. LeaVe leverages this decoupling to make verification of contract satisfaction practical. To scale to realistic processor designs LeaVe further employs inductive reasoning on relational abstractions. Using LeaVe, we precisely characterize the side-channel security guarantees provided by three open-source RISC-V processors, thereby obtaining the first contract satisfaction proofs for RTL processor designs.},
	urldate = {2023-07-27},
	booktitle = {{CCS}},
	author = {Wang, Zilong and Mohr, Gideon and von Gleissenthall, Klaus and Reineke, Jan and Guarnieri, Marco},
	year = {2023},
	note = {Distinguished Paper Award},
	keywords = {Computer Science - Cryptography and Security, type\_award, type\_conf, type\_paper, type\_tier1, type\_top},
}

Randomized Testing of Byzantine Fault Tolerant Algorithms. Winter, L.; Buse, F.; De Graaf, D.; v. Gleissenthall, K.; and Ozkan, B. K. In OOPSLA, 2023. Distinguished Paper Award

Randomized Testing of Byzantine Fault Tolerant Algorithms [pdf]

Paper link bibtex 4 downloads

@inproceedings{winter_randomized_2023,
	title = {Randomized {Testing} of {Byzantine} {Fault} {Tolerant} {Algorithms}},
	url = {https://gleissen.github.io/papers/byzzfuzz.pdf},
	booktitle = {{OOPSLA}},
	author = {Winter, Levin and Buse, Florena and De Graaf, Daan and v. Gleissenthall, Klaus and Ozkan, Burcu Kulahcioglu},
	year = {2023},
	note = {Distinguished Paper Award},
	keywords = {type\_award, type\_paper},
}

RESCALE: Revolutionised Enhanced Supply Chain Automation with Limited Threats Exposure. 2023. Horizon 2020 (3 Years)

RESCALE: Revolutionised Enhanced Supply Chain Automation with Limited Threats Exposure [link]

Web link bibtex 10 downloads

@misc{noauthor_rescale_2023,
	title = {{RESCALE}: {Revolutionised} {Enhanced} {Supply} {Chain} {Automation} with {Limited} {Threats} {Exposure}},
	url = {Web=https://www.vusec.net/publications/?bib=proj_rescale},
	year = {2023},
	note = {Horizon 2020 (3 Years)},
	keywords = {type\_eu, type\_grant},
}

Dutch Prize for ICT research. Giuffrida, C. 2023. NWO (1 Year)
link bibtex

@misc{giuffrida_dutch_2023,
	title = {Dutch {Prize} for {ICT} research},
	author = {Giuffrida, Cristiano},
	year = {2023},
	note = {NWO (1 Year)},
	keywords = {type\_grant, type\_nwo},
}

Allocamelus: Secure Allocators and Hardware Fuzzers. 2023. Intel (Recurring)

Allocamelus: Secure Allocators and Hardware Fuzzers [link]

Web link bibtex 5 downloads

@misc{noauthor_allocamelus_2023,
	title = {Allocamelus: {Secure} {Allocators} and {Hardware} {Fuzzers}},
	url = {Web=https://www.vusec.net/publications/?bib=proj_allocamelus},
	year = {2023},
	note = {Intel (Recurring)},
	keywords = {type\_grant, type\_industry},
}

2022 (21)

Unwinding the Stack for Fun and Profit. Duta, V.; Freyer, F.; Pagani, F.; Muench, M.; and Giuffrida, C. In Black Hat Europe, December 2022.
link bibtex

@inproceedings{duta_unwinding_2022,
	title = {Unwinding the {Stack} for {Fun} and {Profit}},
	booktitle = {Black {Hat} {Europe}},
	author = {Duta, Victor and Freyer, Fabian and Pagani, Fabio and Muench, Marius and Giuffrida, Cristiano},
	month = dec,
	year = {2022},
	keywords = {class\_binary, proj\_intersect, proj\_memo, proj\_theseus, proj\_tropics, type\_conf, type\_paper},
}

Snappy: Efficient Fuzzing with Adaptive and Mutable Snapshots. Geretto, E.; Giuffrida, C.; Bos, H.; and van der Kouwe, E. In ACSAC, December 2022.

Snappy: Efficient Fuzzing with Adaptive and Mutable Snapshots [pdf]

Paper

Snappy: Efficient Fuzzing with Adaptive and Mutable Snapshots [link]

Code link bibtex 87 downloads Artifact Evaluation Badges: Artifacts Functional

@inproceedings{geretto_snappy_2022,
	title = {Snappy: {Efficient} {Fuzzing} with {Adaptive} and {Mutable} {Snapshots}},
	url = {Paper=https://download.vusec.net/papers/snappy_acsac22.pdf Code=https://github.com/vusec/snappy},
	booktitle = {{ACSAC}},
	author = {Geretto, Elia and Giuffrida, Cristiano and Bos, Herbert and van der Kouwe, Erik},
	month = dec,
	year = {2022},
	keywords = {artifacts:functional, class\_testing, proj\_intersect, proj\_memo, proj\_theseus, proj\_tropics, type\_ae, type\_conf, type\_paper, type\_top},
}

CANflict: Exploiting Peripheral Conflicts for Data-Link Layer Attacks on Automotive Networks. de Faveri Tron, A.; Longari, S.; Carminati, M.; Polino, M.; and Zanero, S. In CCS, November 2022.

CANflict: Exploiting Peripheral Conflicts for Data-Link Layer Attacks on Automotive Networks [pdf]

Paper

CANflict: Exploiting Peripheral Conflicts for Data-Link Layer Attacks on Automotive Networks [link]

Code link bibtex 47 downloads

@inproceedings{de_faveri_tron_canflict_2022,
	title = {{CANflict}: {Exploiting} {Peripheral} {Conflicts} for {Data}-{Link} {Layer} {Attacks} on {Automotive} {Networks}},
	url = {Paper=https://arxiv.org/pdf/2209.09557.pdf code=https://github.com/necst/CANflict},
	booktitle = {{CCS}},
	author = {de Faveri Tron, Alvise and Longari, Stefano and Carminati, Michele and Polino, Mario and Zanero, Stefano},
	month = nov,
	year = {2022},
	keywords = {class\_embedded, type\_conf, type\_paper, type\_tier1, type\_top},
}

DangZero: Efficient Use-After-Free Detection via Direct Page Table Access. Gorter, F.; Koning, K.; Bos, H.; and Giuffrida, C. In CCS, November 2022.

DangZero: Efficient Use-After-Free Detection via Direct Page Table Access [pdf]

Paper

DangZero: Efficient Use-After-Free Detection via Direct Page Table Access [link]

Code link bibtex 153 downloads

@inproceedings{gorter_dangzero_2022,
	title = {{DangZero}: {Efficient} {Use}-{After}-{Free} {Detection} via {Direct} {Page} {Table} {Access}},
	url = {Paper=https://download.vusec.net/papers/dangzero_ccs22.pdf Code=https://github.com/vusec/dangzero},
	booktitle = {{CCS}},
	author = {Gorter, Floris and Koning, Koen and Bos, Herbert and Giuffrida, Cristiano},
	month = nov,
	year = {2022},
	keywords = {class\_sanitizer, proj\_intersect, proj\_memo, proj\_theseus, proj\_tropics, proj\_unicore, type\_conf, type\_paper, type\_tier1, type\_top},
}

Branch History Injection: On the Effectiveness of Hardware Mitigations Against Cross-Privilege Spectre-v2 Attacks. Barberis, E.; Frigo, P.; Muench, M.; Bos, H.; and Giuffrida, C. In USENIX Security, August 2022. Pwnie Award Nomination for Epic Achievement, Intel Bounty Reward

Branch History Injection: On the Effectiveness of Hardware Mitigations Against Cross-Privilege Spectre-v2 Attacks [pdf]

Paper

Branch History Injection: On the Effectiveness of Hardware Mitigations Against Cross-Privilege Spectre-v2 Attacks [link]

Web

Code link bibtex 564 downloads Artifact Evaluation Badges: Artifacts Available

@inproceedings{barberis_branch_2022,
	title = {Branch {History} {Injection}: {On} the {Effectiveness} of {Hardware} {Mitigations} {Against} {Cross}-{Privilege} {Spectre}-v2 {Attacks}},
	url = {Paper=http://download.vusec.net/papers/bhi-spectre-bhb_sec22.pdf Web=https://www.vusec.net/projects/bhi-spectre-bhb Code=https://github.com/vusec/bhi-spectre-bhb},
	booktitle = {{USENIX} {Security}},
	author = {Barberis, Enrico and Frigo, Pietro and Muench, Marius and Bos, Herbert and Giuffrida, Cristiano},
	month = aug,
	year = {2022},
	note = {Pwnie Award Nomination for Epic Achievement, Intel Bounty Reward},
	keywords = {artifacts:available, artifacts:functional, artifacts:reproduced, class\_sidechannels, proj\_intersect, proj\_offcore, proj\_theseus, proj\_tropics, proj\_unicore, type\_ae, type\_award, type\_bounty, type\_conf, type\_cve\_assigned, type\_paper, type\_press, type\_tier1, type\_top},
}

Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing. Tobias Scharnowski; Nils Bars; Moritz Schloegel; Eric Gustafson; Marius Muench; Giovanni Vigna; Christopher Kruegel; Thorsten Holz; and Ali Abbasi In USENIX Security, August 2022.

Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing [pdf]

Paper link bibtex abstract 67 downloads Artifact Evaluation Badges: Artifacts Available

@inproceedings{tobias_scharnowski_fuzzware_2022,
	title = {Fuzzware: {Using} {Precise} {MMIO} {Modeling} for {Effective} {Firmware} {Fuzzing}},
	url = {https://www.usenix.org/system/files/sec22summer_scharnowski.pdf},
	abstract = {As embedded devices are becoming more pervasive in our everyday lives, they turn into an attractive target for adversaries. Despite their high value and large attack surface, applying automated testing techniques such as fuzzing is not straightforward for such devices. As fuzz testing firmware on constrained embedded devices is inefficient, state-of-the-art approaches instead opt to run the firmware in an emulator (through a process called re-hosting). However, existing approaches either use coarse-grained static models of hardware behavior or require manual effort to re-host the firmware.

We propose a novel combination of lightweight program analysis, re-hosting, and fuzz testing to tackle these challenges. We present the design and implementation of Fuzzware, a software-only system to fuzz test unmodified monolithic firmware in a scalable way. By determining how hardware-generated values are actually used by the firmware logic, Fuzzware can automatically generate models that help focusing the fuzzing process on mutating the inputs that matter, which drastically improves its effectiveness.

We evaluate our approach on synthetic and real-world targets comprising a total of 19 hardware platforms and 77 firmware images. Compared to state-of-the-art work, Fuzzware achieves up to 3.25 times the code coverage and our modeling approach reduces the size of the input space by up to 95.5\%. The synthetic samples contain 66 unit tests for various hardware interactions, and we find that our approach is the first generic re-hosting solution to automatically pass all of them. Fuzzware discovered 15 completely new bugs including bugs in targets which were previously analyzed by other works; a total of 12 CVEs were assigned.},
	booktitle = {{USENIX} {Security}},
	author = {{Tobias Scharnowski} and {Nils Bars} and {Moritz Schloegel} and {Eric Gustafson} and {Marius Muench} and {Giovanni Vigna} and {Christopher Kruegel} and {Thorsten Holz} and {Ali Abbasi}},
	month = aug,
	year = {2022},
	keywords = {artifacts:available, artifacts:functional, artifacts:reproduced, class\_binary, proj\_intersect, proj\_tropics, type\_ae, type\_conf, type\_paper, type\_tier1, type\_top},
}

TLB;DR: Enhancing TLB-based Attacks with TLB Desynchronized Reverse Engineering. Tatar, A.; Trujillo, D.; Giuffrida, C.; and Bos, H. In USENIX Security, August 2022.

TLB;DR: Enhancing TLB-based Attacks with TLB Desynchronized Reverse Engineering [pdf]

Paper

TLB;DR: Enhancing TLB-based Attacks with TLB Desynchronized Reverse Engineering [link]

Code link bibtex 108 downloads Artifact Evaluation Badges: Artifacts Available

@inproceedings{tatar_tlbdr_2022,
	title = {{TLB};{DR}: {Enhancing} {TLB}-based {Attacks} with {TLB} {Desynchronized} {Reverse} {Engineering}},
	url = {Paper=https://download.vusec.net/papers/tlbdr_sec22.pdf Code=https://github.com/vusec/tlbdr},
	booktitle = {{USENIX} {Security}},
	author = {Tatar, Andrei and Trujillo, Daniël and Giuffrida, Cristiano and Bos, Herbert},
	month = aug,
	year = {2022},
	keywords = {artifacts:available, artifacts:functional, artifacts:reproduced, class\_sidechannels, proj\_intersect, proj\_offcore, proj\_theseus, proj\_tropics, proj\_unicore, type\_ae, type\_conf, type\_paper, type\_tier1, type\_top},
}

Side Channel Security Risks In Commodity Microarchitectures. Gras, B. Ph.D. Thesis, VU Amsterdam, June 2022. EuroSys Roger Needham PhD Award, William C. Carter PhD Dissertation Award

Side Channel Security Risks In Commodity Microarchitectures [pdf]

Thesis link bibtex 3 downloads

@phdthesis{gras_side_2022,
	type = {{PhD} {Thesis}},
	title = {Side {Channel} {Security} {Risks} {In} {Commodity} {Microarchitectures}},
	url = {Thesis=https://research.vu.nl/files/155813469/B%20J%20%20Gras%20-%20thesis.pdf},
	school = {VU Amsterdam},
	author = {Gras, Ben},
	month = jun,
	year = {2022},
	note = {EuroSys Roger Needham PhD Award, William C. Carter PhD Dissertation Award},
	keywords = {class\_sidechannels, type\_award, type\_thesis, type\_thesis\_award},
}

BugsBunny: Hopping to RTL Targets with a Directed Hardware-Design Fuzzer. Ragab, H.; Koning, K.; Bos, H.; and Giuffrida, C. In SILM, June 2022.

BugsBunny: Hopping to RTL Targets with a Directed Hardware-Design Fuzzer [pdf]

Paper link bibtex 57 downloads

@inproceedings{ragab_bugsbunny_2022,
	title = {{BugsBunny}: {Hopping} to {RTL} {Targets} with a {Directed} {Hardware}-{Design} {Fuzzer}},
	url = {https://download.vusec.net/papers/bugsbunny_silm22.pdf},
	booktitle = {{SILM}},
	author = {Ragab, Hany and Koning, Koen and Bos, Herbert and Giuffrida, Cristiano},
	month = jun,
	year = {2022},
	keywords = {class\_testing, proj\_intersect, proj\_offcore, proj\_tropics, type\_paper, type\_workshop},
}

Spring: Spectre Returning in the Browser with Speculative Load Queuing and Deep Stacks. Wikner, J.; Giuffrida, C.; Bos, H.; and Razavi, K. In WOOT, May 2022. Mozilla Bounty Reward

Spring: Spectre Returning in the Browser with Speculative Load Queuing and Deep Stacks [pdf]

Paper link bibtex 129 downloads

@inproceedings{wikner_spring_2022,
	title = {Spring: {Spectre} {Returning} in the {Browser} with {Speculative} {Load} {Queuing} and {Deep} {Stacks}},
	url = {Paper=http://download.vusec.net/papers/spring_woot22.pdf},
	booktitle = {{WOOT}},
	author = {Wikner, Johannes and Giuffrida, Cristiano and Bos, Herbert and Razavi, Kaveh},
	month = may,
	year = {2022},
	note = {Mozilla Bounty Reward},
	keywords = {class\_sidechannels, proj\_intersect, proj\_offcore, proj\_tropics, type\_award, type\_bounty, type\_mscthesis, type\_paper, type\_top, type\_workshop},
}

BLACKSMITH: Scalable Rowhammering in the Frequency Domain. Jattke, P.; van der Veen, V.; Frigo, P.; Gunter, S.; and Razavi, K. In S&P, May 2022.

BLACKSMITH: Scalable Rowhammering in the Frequency Domain [pdf]

Paper

BLACKSMITH: Scalable Rowhammering in the Frequency Domain [link]

Press link bibtex 289 downloads

@inproceedings{jattke_blacksmith_2022,
	title = {{BLACKSMITH}: {Scalable} {Rowhammering} in the {Frequency} {Domain}},
	url = {Paper=https://comsec.ethz.ch/wp-content/files/blacksmith_sp22.pdf Press=https://bit.ly/3H395l5},
	booktitle = {S\&{P}},
	author = {Jattke, Patrick and van der Veen, Victor and Frigo, Pietro and Gunter, Stijn and Razavi, Kaveh},
	month = may,
	year = {2022},
	keywords = {class\_rowhammer, type\_conf, type\_paper, type\_press, type\_tier1, type\_top},
}

Mitigating Information Leakage Vulnerabilities with Type-based Data Isolation. Milburn, A.; van der Kouwe, E.; and Giuffrida, C. In S&P, May 2022.

Mitigating Information Leakage Vulnerabilities with Type-based Data Isolation [pdf]

Paper

Mitigating Information Leakage Vulnerabilities with Type-based Data Isolation [link]

Code link bibtex 196 downloads

@inproceedings{milburn_mitigating_2022,
	title = {Mitigating {Information} {Leakage} {Vulnerabilities} with {Type}-based {Data} {Isolation}},
	url = {Paper=https://download.vusec.net/papers/tdi_sp22.pdf Code=https://github.com/vusec/typeisolation},
	booktitle = {S\&{P}},
	author = {Milburn, Alyssa and van der Kouwe, Erik and Giuffrida, Cristiano},
	month = may,
	year = {2022},
	keywords = {class\_sanitizer, proj\_binrec, proj\_offcore, proj\_securecode, proj\_theseus, proj\_tropics, proj\_veripatch, type\_conf, type\_paper, type\_tier1, type\_top},
}

On the Effectiveness of Same-Domain Memory Deduplication. Costi, A.; Johannesmeyer, B.; Bosman, E.; Giuffrida, C.; and Bos, H. In EuroSec, April 2022.

On the Effectiveness of Same-Domain Memory Deduplication [pdf]

Paper

Slides

On the Effectiveness of Same-Domain Memory Deduplication [link]

Web

Code link bibtex 57 downloads

@inproceedings{costi_effectiveness_2022,
	title = {On the {Effectiveness} of {Same}-{Domain} {Memory} {Deduplication}},
	url = {Paper=https://download.vusec.net/papers/dedupestreturns_eurosec22.pdf Slides=https://download.vusec.net/slides/dedup_eurosec22.pdf Web=https://www.vusec.net/projects/dedup-est-machina-returns/ Code=https://github.com/vusec/dedup-est-returns},
	booktitle = {{EuroSec}},
	author = {Costi, Andreas and Johannesmeyer, Brian and Bosman, Erik and Giuffrida, Cristiano and Bos, Herbert},
	month = apr,
	year = {2022},
	keywords = {class\_sidechannels, proj\_intersect, proj\_unicore, type\_mscthesis, type\_paper, type\_workshop},
}

Kasper: Scanning for Generalized Transient Execution Gadgets in the Linux Kernel. Johannesmeyer, B.; Koschel, J.; Razavi, K.; Bos, H.; and Giuffrida, C. In NDSS, April 2022.

Kasper: Scanning for Generalized Transient Execution Gadgets in the Linux Kernel [pdf]

Paper

Slides

Kasper: Scanning for Generalized Transient Execution Gadgets in the Linux Kernel [link]

Web

Code

Video link bibtex 510 downloads

@inproceedings{johannesmeyer_kasper_2022,
	title = {Kasper: {Scanning} for {Generalized} {Transient} {Execution} {Gadgets} in the {Linux} {Kernel}},
	url = {Paper=https://download.vusec.net/papers/kasper_ndss22.pdf Slides=https://download.vusec.net/slides/kasper_ndss22.pdf Web=https://www.vusec.net/projects/kasper Code=https://github.com/vusec/kasper Video=https://www.youtube.com/watch?v=v89Zt3vxrww},
	booktitle = {{NDSS}},
	author = {Johannesmeyer, Brian and Koschel, Jakob and Razavi, Kaveh and Bos, Herbert and Giuffrida, Cristiano},
	month = apr,
	year = {2022},
	keywords = {class\_sidechannels, proj\_intersect, proj\_offcore, proj\_theseus, proj\_tropics, proj\_unicore, proj\_veripatch, type\_conf, type\_paper, type\_tier1, type\_top},
}

cISP: A Speed-of-Light Internet Service Provider. Bhattacherjee, D.; Aqeel, W.; Jyothi, S. A.; Bozkurt, I. N.; Sentosa, W.; Tirmazi, M.; Aguirre, A.; Chandrasekaran, B.; Godfrey, B.; Laughlin, G.; Maggs, B. M.; and Singla, A. In NSDI, April 2022.
link bibtex

@inproceedings{bhattacherjee_cisp_2022,
	title = {{cISP}: {A} {Speed}-of-{Light} {Internet} {Service} {Provider}},
	booktitle = {{NSDI}},
	author = {Bhattacherjee, Debopam and Aqeel, Waqar and Jyothi, Sangeetha A. and Bozkurt, Ilker N. and Sentosa, William and Tirmazi, Muhammad and Aguirre, Anthony and Chandrasekaran, Balakrishnan and Godfrey, Brighten and Laughlin, Gregory and Maggs, Bruce M. and Singla, Ankit},
	month = apr,
	year = {2022},
	keywords = {class\_network, type\_conf, type\_paper, type\_tier1, type\_top},
}

BHI (or Spectre-BHB) Vulnerability. Barberis, E.; Frigo, P.; Muench, M.; Bos, H.; and Giuffrida, C. March 2022. Affected vendors: Intel (Bounty Reward), Arm, Other SW Vendors

BHI (or Spectre-BHB) Vulnerability [link]

Web

CVE-2022-0001 (Intel)

CVE-2022-0002 (Intel)

CVE-2022-23960 (Arm) link bibtex 1 download

@misc{barberis_bhi_2022,
	title = {{BHI} (or {Spectre}-{BHB}) {Vulnerability}},
	url = {Web=https://www.vusec.net/projects/bhi-spectre-bhb CVE-2022-0001_(Intel)=https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0001 CVE-2022-0002_(Intel)=https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0002 CVE-2022-23960_(Arm)=https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23960},
	author = {Barberis, Enrico and Frigo, Pietro and Muench, Marius and Bos, Herbert and Giuffrida, Cristiano},
	month = mar,
	year = {2022},
	note = {Affected vendors: Intel (Bounty Reward), Arm, Other SW Vendors},
	keywords = {type\_cve},
}

DupeFS: Leaking Data Over the Network With Filesystem Deduplication Side Channels. Bacs, A.; Musaev, S.; Razavi, K.; Giuffrida, C.; and Bos, H. In FAST, February 2022.

DupeFS: Leaking Data Over the Network With Filesystem Deduplication Side Channels [pdf]

Paper link bibtex 126 downloads

@inproceedings{bacs_dupefs_2022,
	title = {{DupeFS}: {Leaking} {Data} {Over} the {Network} {With} {Filesystem} {Deduplication} {Side} {Channels}},
	url = {Paper=https://download.vusec.net/papers/dupefs_fast22.pdf},
	booktitle = {{FAST}},
	author = {Bacs, Andrei and Musaev, Saidgani and Razavi, Kaveh and Giuffrida, Cristiano and Bos, Herbert},
	month = feb,
	year = {2022},
	keywords = {class\_sidechannels, proj\_intersect, proj\_offcore, proj\_unicore, type\_conf, type\_mscthesis, type\_paper, type\_tier1, type\_top},
}

FirmWire: Transparent Dynamic Analysis for Cellular Baseband Firmware. Grant Hernandez; Marius Muench; Dominik Maier; Alyssa Milburn; Shinjo Park; Tobias Scharnowski; Tyler Tucker; Patrick Traynor; and Kevin R. B. Butler In NDSS, February 2022.

FirmWire: Transparent Dynamic Analysis for Cellular Baseband Firmware [pdf]

Paper

FirmWire: Transparent Dynamic Analysis for Cellular Baseband Firmware [link]

Code link bibtex 31 downloads

@inproceedings{grant_hernandez_firmwire_2022,
	title = {{FirmWire}: {Transparent} {Dynamic} {Analysis} for {Cellular} {Baseband} {Firmware}},
	url = {Paper=https://hernan.de/research/papers/firmwire-ndss22-hernandez.pdf Code=https://github.com/FirmWire/FirmWire},
	booktitle = {{NDSS}},
	author = {{Grant Hernandez} and {Marius Muench} and {Dominik Maier} and {Alyssa Milburn} and {Shinjo Park} and {Tobias Scharnowski} and {Tyler Tucker} and {Patrick Traynor} and {Kevin R. B. Butler}},
	month = feb,
	year = {2022},
	keywords = {class\_binary, proj\_intersect, proj\_tropics, type\_conf, type\_paper, type\_tier1, type\_top},
}

EuroSys Jochen Liedtke Young Researcher Award. Giuffrida, C. 2022. RedHat (1 Year)
link bibtex

@misc{giuffrida_eurosys_2022,
	title = {{EuroSys} {Jochen} {Liedtke} {Young} {Researcher} {Award}},
	author = {Giuffrida, Cristiano},
	year = {2022},
	note = {RedHat (1 Year)},
	keywords = {type\_grant, type\_industry},
}

Memo: Efficient Fuzzing Through Memoization. 2022. EZK (4 Years)
link bibtex

@misc{noauthor_memo_2022,
	title = {Memo: {Efficient} {Fuzzing} {Through} {Memoization}},
	year = {2022},
	note = {EZK (4 Years)},
	keywords = {type\_ekz, type\_grant},
}

VeriPatch: Safe and Automatic Patch Generation. 2022. EZK (4 Years)
link bibtex

@misc{noauthor_veripatch_2022,
	title = {{VeriPatch}: {Safe} and {Automatic} {Patch} {Generation}},
	year = {2022},
	note = {EZK (4 Years)},
	keywords = {type\_ekz, type\_grant},
}

2021 (27)

Tardis: A fault-tolerant design for network control planes. Zhou, Z.; Benson, T. A.; Canini, M.; and Chandrasekaran, B. In SOSR, December 2021.
link bibtex

@inproceedings{zhou_tardis_2021,
	title = {Tardis: {A} fault-tolerant design for network control planes},
	booktitle = {{SOSR}},
	author = {Zhou, Zhenyu and Benson, Theophilus A. and Canini, Marco and Chandrasekaran, Balakrishnan},
	month = dec,
	year = {2021},
	keywords = {class\_network, type\_conf, type\_paper, type\_top},
}

Selfish & Opaque Transaction Ordering in the Bitcoin Blockchain: The Case for Chain Neutrality. Messias, J.; Alzayat, M.; Chandrasekaran, B.; Gummadi, K. P.; Loiseau, P.; and Mislove, A. In IMC, November 2021.
link bibtex

@inproceedings{messias_selfish_2021,
	title = {Selfish \& {Opaque} {Transaction} {Ordering} in the {Bitcoin} {Blockchain}: {The} {Case} for {Chain} {Neutrality}},
	booktitle = {{IMC}},
	author = {Messias, Johnnatan and Alzayat, Mohamed and Chandrasekaran, Balakrishnan and Gummadi, Krishna P. and Loiseau, Patrick and Mislove, Alan},
	month = nov,
	year = {2021},
	keywords = {class\_network, type\_conf, type\_paper, type\_tier1, type\_top},
}

Constantine: Automatic Side-Channel Resistance Using Efficient Control and Data Flow Linearization. Borrello, P.; D'Elia, D. C.; Querzoni, L.; and Giuffrida, C. In CCS, November 2021.

Constantine: Automatic Side-Channel Resistance Using Efficient Control and Data Flow Linearization [pdf]

Paper

Constantine: Automatic Side-Channel Resistance Using Efficient Control and Data Flow Linearization [link]

Code link bibtex 92 downloads

@inproceedings{borrello_constantine_2021,
	title = {Constantine: {Automatic} {Side}-{Channel} {Resistance} {Using} {Efficient} {Control} and {Data} {Flow} {Linearization}},
	url = {Paper=https://download.vusec.net/papers/constantine_ccs21.pdf Code=https://github.com/pietroborrello/constantine},
	booktitle = {{CCS}},
	author = {Borrello, Pietro and D'Elia, Daniele Cono and Querzoni, Leonardo and Giuffrida, Cristiano},
	month = nov,
	year = {2021},
	keywords = {class\_sidechannels, proj\_offcore, proj\_react, proj\_unicore, type\_conf, type\_paper, type\_tier1, type\_top},
}

High-Fidelity Provenance: Exploring the Intersection of Provenance and Security. Stamatogiannakis, M. Ph.D. Thesis, VU Amsterdam, October 2021.

High-Fidelity Provenance: Exploring the Intersection of Provenance and Security [pdf]

Thesis link bibtex

@phdthesis{stamatogiannakis_high-fidelity_2021,
	type = {{PhD} {Thesis}},
	title = {High-{Fidelity} {Provenance}: {Exploring} the {Intersection} of {Provenance} and {Security}},
	url = {Thesis=https://research.vu.nl/ws/portalfiles/portal/137213667/E++Stamatogiannakis+-+thesis.pdf},
	school = {VU Amsterdam},
	author = {Stamatogiannakis, Manolis},
	month = oct,
	year = {2021},
	keywords = {class\_provenance, type\_thesis},
}

LeanSym: Efficient Hybrid Fuzzing Through Conservative Constraint Debloating. Mi, X.; Rawat, S.; Giuffrida, C.; and Bos, H. In RAID, October 2021.

LeanSym: Efficient Hybrid Fuzzing Through Conservative Constraint Debloating [pdf]

Paper link bibtex 41 downloads

@inproceedings{mi_leansym_2021,
	title = {{LeanSym}: {Efficient} {Hybrid} {Fuzzing} {Through} {Conservative} {Constraint} {Debloating}},
	url = {https://download.vusec.net/papers/leansym_raid21.pdf},
	booktitle = {{RAID}},
	author = {Mi, Xianya and Rawat, Sanjay and Giuffrida, Cristiano and Bos, Herbert},
	month = oct,
	year = {2021},
	keywords = {class\_testing, proj\_intersect, proj\_memo, proj\_theseus, proj\_tropics, type\_conf, type\_paper, type\_top},
}

Fault Injection as an Oscilloscope: Fault Correlation Analysis. Spruyt, A.; Milburn, A.; and Chmielewski, L. In CHES, September 2021.

Fault Injection as an Oscilloscope: Fault Correlation Analysis [pdf]

Paper link bibtex

@inproceedings{spruyt_fault_2021,
	title = {Fault {Injection} as an {Oscilloscope}: {Fault} {Correlation} {Analysis}},
	url = {https://repository.ubn.ru.nl/bitstream/handle/2066/230663/230663.pdf},
	booktitle = {{CHES}},
	author = {Spruyt, Albert and Milburn, Alyssa and Chmielewski, Lukasz},
	month = sep,
	year = {2021},
	keywords = {class\_sidechannels, type\_conf, type\_paper, type\_top},
}

Understanding the Security Implications of Kubernetes Networking. Minna, F.; Blaise, A.; Rebecchi, F.; Chandrasekaran, B.; and Massacci, F. . September 2021.
link bibtex

@article{minna_understanding_2021,
	title = {Understanding the {Security} {Implications} of {Kubernetes} {Networking}},
	author = {Minna, Francesco and Blaise, Agathe and Rebecchi, Filippo and Chandrasekaran, Balakrishnan and Massacci, Fabio},
	month = sep,
	year = {2021},
	keywords = {class\_network, type\_journal, type\_paper},
}

Rage Against the Machine Clear: A Systematic Analysis of Machine Clears and Their Implications for Transient Execution Attacks. Ragab, H.; Barberis, E.; Bos, H.; and Giuffrida, C. In USENIX Security, August 2021. Distinguished Paper Award, Intel Bounty Reward, Mozilla Bounty Reward, Pwnie Award Nomination for Most Innovative Research, Pwnie Award Nomination for Best Privilege Escalation Bug, Pwnie Award Nomination for Best Client-Side Bug, Pwnie Award Nomination for Epic Achievement, DCSR Paper Award, CSAW Best Paper Award Runner-up

Rage Against the Machine Clear: A Systematic Analysis of Machine Clears and Their Implications for Transient Execution Attacks [pdf]

Paper

Rage Against the Machine Clear: A Systematic Analysis of Machine Clears and Their Implications for Transient Execution Attacks [link]

Web

Code link bibtex 296 downloads

@inproceedings{ragab_rage_2021,
	title = {Rage {Against} the {Machine} {Clear}: {A} {Systematic} {Analysis} of {Machine} {Clears} and {Their} {Implications} for {Transient} {Execution} {Attacks}},
	url = {Paper=https://download.vusec.net/papers/fpvi-scsb_sec21.pdf Web=https://www.vusec.net/projects/fpvi-scsb Code=https://github.com/vusec/fpvi-scsb},
	booktitle = {{USENIX} {Security}},
	author = {Ragab, Hany and Barberis, Enrico and Bos, Herbert and Giuffrida, Cristiano},
	month = aug,
	year = {2021},
	note = {Distinguished Paper Award, Intel Bounty Reward, Mozilla Bounty Reward, Pwnie Award Nomination for Most Innovative Research, Pwnie Award Nomination for Best Privilege Escalation Bug, Pwnie Award Nomination for Best Client-Side Bug, Pwnie Award Nomination for Epic Achievement, DCSR Paper Award, CSAW Best Paper Award Runner-up},
	keywords = {class\_sidechannels, proj\_intersect, proj\_offcore, proj\_react, proj\_unicore, type\_award, type\_bounty, type\_conf, type\_cve\_assigned, type\_paper, type\_tier1, type\_top},
}

Fine Grained Dataflow Tracking with Proximal Gradients. Ryan, G.; Shah, A.; She, D.; Bhat, K.; and Jana, S. In USENIX Security, August 2021.

Fine Grained Dataflow Tracking with Proximal Gradients [link]

Paper link bibtex 34 downloads

@inproceedings{ryan_fine_2021,
	title = {Fine {Grained} {Dataflow} {Tracking} with {Proximal} {Gradients}},
	url = {http://arxiv.org/abs/1909.03461},
	booktitle = {{USENIX} {Security}},
	author = {Ryan, Gabriel and Shah, Abhishek and She, Dongdong and Bhat, Koustubha and Jana, Suman},
	month = aug,
	year = {2021},
	keywords = {class\_testing, proj\_react, type\_conf, type\_paper, type\_tier1, type\_top},
}

SMASH: Synchronized Many-sided Rowhammer Attacks From JavaScript. de Ridder, F.; Frigo, P.; Vannacci, E.; Bos, H.; Giuffrida, C.; and Razavi, K. In USENIX Security, August 2021. Pwnie Award Nomination for Most Under-Hyped Research, Best Faculty of Science Master Thesis Award

SMASH: Synchronized Many-sided Rowhammer Attacks From JavaScript [pdf]

Paper

SMASH: Synchronized Many-sided Rowhammer Attacks From JavaScript [link]

Web

Code link bibtex 794 downloads

@inproceedings{de_ridder_smash_2021,
	title = {{SMASH}: {Synchronized} {Many}-sided {Rowhammer} {Attacks} {From} {JavaScript}},
	url = {Paper=https://download.vusec.net/papers/smash_sec21.pdf Web=https://www.vusec.net/projects/smash Code=https://github.com/vusec/smash},
	booktitle = {{USENIX} {Security}},
	author = {de Ridder, Finn and Frigo, Pietro and Vannacci, Emanuele and Bos, Herbert and Giuffrida, Cristiano and Razavi, Kaveh},
	month = aug,
	year = {2021},
	note = {Pwnie Award Nomination for Most Under-Hyped Research, Best Faculty of Science Master Thesis Award},
	keywords = {class\_rowhammer, proj\_offcore, proj\_panta, proj\_react, proj\_unicore, type\_award, type\_conf, type\_csec, type\_mscthesis, type\_paper, type\_tier1, type\_top},
}

Puncturable Pseudorandom Sets and Private Information Retrieval with Near-Optimal Online Bandwidth and Time. Shi, E.; Aqeel, W.; Chandrasekaran, B.; and Maggs, B. M. In CRYPTO, August 2021.

Puncturable Pseudorandom Sets and Private Information Retrieval with Near-Optimal Online Bandwidth and Time [pdf]

Paper link bibtex 3 downloads

@inproceedings{shi_puncturable_2021,
	title = {Puncturable {Pseudorandom} {Sets} and {Private} {Information} {Retrieval} with {Near}-{Optimal} {Online} {Bandwidth} and {Time}},
	url = {Paper=https://balakrishnanc.github.io/papers/shi-crypto2021.pdf},
	booktitle = {{CRYPTO}},
	author = {Shi, Elaine and Aqeel, Waqar and Chandrasekaran, Balakrishnan and Maggs, Bruce M.},
	month = aug,
	year = {2021},
	keywords = {class\_network, type\_conf, type\_paper, type\_tier1, type\_top},
}

AnyOpt: Predicting and Optimizing IP Anycast Performance. Zhang, X.; Sen, T.; Zhang, Z.; April, T.; Chandrasekaran, B.; Choffnes, D.; Maggs, B. M.; Shen, H.; Sitaraman, R. K.; and Yang, X. In SIGCOMM, August 2021.

AnyOpt: Predicting and Optimizing IP Anycast Performance [pdf]

Paper link bibtex 4 downloads

@inproceedings{zhang_anyopt_2021,
	title = {{AnyOpt}: {Predicting} and {Optimizing} {IP} {Anycast} {Performance}},
	url = {Paper=https://balakrishnanc.github.io/papers/zhang-sigcomm2021.pdf},
	booktitle = {{SIGCOMM}},
	author = {Zhang, Xiao and Sen, Tanmoy and Zhang, Zheyuan and April, Tim and Chandrasekaran, Balakrishnan and Choffnes, David and Maggs, Bruce M. and Shen, Haiying and Sitaraman, Ramesh K. and Yang, Xiaowei},
	month = aug,
	year = {2021},
	keywords = {class\_network, type\_conf, type\_paper, type\_tier1, type\_top},
}

MAD: Memory Allocation meets Software Diversity. Wiesinger, M.; Daniel, D.; and Stefan, B. In June 2021.

MAD: Memory Allocation meets Software Diversity [pdf]

Paper link bibtex 9 downloads

@inproceedings{wiesinger_mad_2021,
	title = {{MAD}: {Memory} {Allocation} meets {Software} {Diversity}},
	url = {https://dramsec.ethz.ch/papers/mad.pdf},
	author = {Wiesinger, Manuel and Daniel, Dorfmeister and Stefan, Brunthaler},
	month = jun,
	year = {2021},
	keywords = {class\_rowhammer, type\_paper, type\_workshop},
}

FIRestarter: Practical Software Crash Recovery with Targeted Library-level Fault Injection. Bhat, K.; van der Kouwe, E.; Bos, H.; and Giuffrida, C. In DSN, June 2021.

FIRestarter: Practical Software Crash Recovery with Targeted Library-level Fault Injection [pdf]

Paper

FIRestarter: Practical Software Crash Recovery with Targeted Library-level Fault Injection [link]

Code link bibtex 50 downloads

@inproceedings{bhat_firestarter_2021,
	title = {{FIRestarter}: {Practical} {Software} {Crash} {Recovery} with {Targeted} {Library}-level {Fault} {Injection}},
	url = {Paper=https://download.vusec.net/papers/firestarter_dsn21.pdf Code=https://github.com/vusec/firestarter},
	booktitle = {{DSN}},
	author = {Bhat, Koustubha and van der Kouwe, Erik and Bos, Herbert and Giuffrida, Cristiano},
	month = jun,
	year = {2021},
	keywords = {class\_reliability, proj\_binrec, proj\_panta, proj\_react, proj\_tropics, proj\_unicore, type\_conf, type\_paper, type\_tier1, type\_top},
}

FPVI Vulnerability. Ragab, H.; Barberis, E.; Bos, H.; and Giuffrida, C. June 2021. Affected vendors: Intel (Bounty Reward), AMD, Mozilla (Bounty Reward), Other SW Vendors

Web

CVE-2021-0086 (Intel)

CVE-2021-26314 (AMD)

CVE-2021-29955 (Mozilla) link bibtex 6 downloads

@misc{ragab_fpvi_2021,
	title = {{FPVI} {Vulnerability}},
	url = {Web=https://www.vusec.net/projects/fpvi-scsb CVE-2021-0086_(Intel)=https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0086 CVE-2021-26314_(AMD)=https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26314 CVE-2021-29955_(Mozilla)=https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29955},
	author = {Ragab, Hany and Barberis, Enrico and Bos, Herbert and Giuffrida, Cristiano},
	month = jun,
	year = {2021},
	note = {Affected vendors: Intel (Bounty Reward), AMD, Mozilla (Bounty Reward), Other SW Vendors},
	keywords = {type\_cve},
}

SCSB Vulnerability. Ragab, H.; Barberis, E.; Bos, H.; and Giuffrida, C. June 2021. Affected vendors: Intel (Bounty Reward), AMD, Xen, Other SW Vendors

Web

CVE-2021-0089 (Intel)

CVE-2021-26313 (AMD) link bibtex

@misc{ragab_scsb_2021,
	title = {{SCSB} {Vulnerability}},
	url = {Web=https://www.vusec.net/projects/fpvi-scsb CVE-2021-0089_(Intel)=https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0089 CVE-2021-26313_(AMD)=https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26313},
	author = {Ragab, Hany and Barberis, Enrico and Bos, Herbert and Giuffrida, Cristiano},
	month = jun,
	year = {2021},
	note = {Affected vendors: Intel (Bounty Reward), AMD, Xen, Other SW Vendors},
	keywords = {type\_cve},
}

CrossTalk: Speculative Data Leaks Across Cores Are Real. Ragab, H.; Milburn, A.; Razavi, K.; Bos, H.; and Giuffrida, C. In S&P, May 2021. Intel Bounty Reward

CrossTalk: Speculative Data Leaks Across Cores Are Real [pdf]

Paper

CrossTalk: Speculative Data Leaks Across Cores Are Real [link]

Web

Code

Press link bibtex 541 downloads

@inproceedings{ragab_crosstalk_2021,
	title = {{CrossTalk}: {Speculative} {Data} {Leaks} {Across} {Cores} {Are} {Real}},
	url = {Paper=https://download.vusec.net/papers/crosstalk_sp21.pdf Web=https://www.vusec.net/projects/crosstalk Code=https://github.com/vusec/ridl Press=https://bit.ly/3frdRuV},
	booktitle = {S\&{P}},
	author = {Ragab, Hany and Milburn, Alyssa and Razavi, Kaveh and Bos, Herbert and Giuffrida, Cristiano},
	month = may,
	year = {2021},
	note = {Intel Bounty Reward},
	keywords = {class\_sidechannels, proj\_binrec, proj\_offcore, proj\_panta, proj\_panta\_list, proj\_react, proj\_unicore, type\_award, type\_bounty, type\_conf, type\_cve\_assigned, type\_paper, type\_press, type\_tier1, type\_top},
}

SoK: Enabling Security Analyses of Embedded Systems via Rehosting. Fasano, A.; Ballo, T.; Muench, M.; Leek, T.; Bulekov, A.; Dolan-Gavitt, B.; Egele, M.; Francillon, A.; Lu, L.; Gregory, N.; Balzarotti, D.; and Robertson, W. In ASIACCS, May 2021.

SoK: Enabling Security Analyses of Embedded Systems via Rehosting [link]

Paper doi link bibtex abstract 21 downloads

@inproceedings{fasano_sok_2021,
	title = {{SoK}: {Enabling} {Security} {Analyses} of {Embedded} {Systems} via {Rehosting}},
	url = {https://dl.acm.org/doi/pdf/10.1145/3433210.3453093},
	doi = {10.1145/3433210.3453093},
	abstract = {Closely monitoring the behavior of a software system during its execution enables developers and analysts to observe, and ultimately understand, how it works. This kind of dynamic analysis can be instrumental to reverse engineering, vulnerability discovery, exploit development, and debugging. While these analyses are typically well-supported for homogeneous desktop platforms (e.g., x86 desktop PCs), they can rarely be applied in the heterogeneous world of embedded systems. One approach to enable dynamic analyses of embedded systems is to move software stacks from physical systems into virtual environments that sufficiently model hardware behavior. This process which we call "rehosting" poses a significant research challenge with major implications for security analyses. Although rehosting has traditionally been an unscientific and ad-hoc endeavor undertaken by domain experts with varying time and resources at their disposal, researchers are beginning to address rehosting challenges systematically and in earnest. In this paper, we establish that emulation is insufficient to conduct large-scale dynamic analysis of real-world hardware systems and present rehosting as a firmware-centric alternative. Furthermore, we taxonomize preliminary rehosting efforts, identify the fundamental components of the rehosting process, and propose directions for future research.},
	booktitle = {{ASIACCS}},
	author = {Fasano, Andrew and Ballo, Tiemoko and Muench, Marius and Leek, Tim and Bulekov, Alexander and Dolan-Gavitt, Brendan and Egele, Manuel and Francillon, Aurélien and Lu, Long and Gregory, Nick and Balzarotti, Davide and Robertson, William},
	month = may,
	year = {2021},
	keywords = {class\_binary, dynamic program analysis, embedded systems, emulation, firmware security, internet of things, proj\_intersect, proj\_tropics, rehosting, type\_conf, type\_paper, type\_top, virtualization},
}

PIBE: Practical Kernel Control-flow Hardening with Profile-guided Indirect Branch Elimination. Duta, V.; Giuffrida, C.; Bos, H.; and van der Kouwe, E. In ASPLOS, April 2021.

Paper

Code link bibtex 11 downloads Artifact Evaluation Badges: Artifacts Available

@inproceedings{duta_pibe_2021,
	title = {{PIBE}: {Practical} {Kernel} {Control}-flow {Hardening} with {Profile}-guided {Indirect} {Branch} {Elimination}},
	url = {Paper=https://download.vusec.net/papers/pibe_asplos21.pdf Code=https://github.com/vusec/pibe},
	booktitle = {{ASPLOS}},
	author = {Duta, Victor and Giuffrida, Cristiano and Bos, Herbert and van der Kouwe, Erik},
	month = apr,
	year = {2021},
	keywords = {artifacts:available, artifacts:functional, artifacts:reproduced, class\_sanitizer, proj\_binrec, proj\_offcore, proj\_panta, proj\_react, proj\_tropics, proj\_unicore, type\_ae, type\_conf, type\_paper, type\_tier1, type\_top},
}

CollabFuzz: A Framework for Collaborative Fuzzing. Österlund, S.; Geretto, E.; Jemmett, A.; Güler, E.; Görz, P.; Holz, T.; Giuffrida, C.; and Bos, H. In EuroSec, April 2021.

CollabFuzz: A Framework for Collaborative Fuzzing [pdf]

Paper

CollabFuzz: A Framework for Collaborative Fuzzing [link]

Code link bibtex 444 downloads

@inproceedings{osterlund_collabfuzz_2021,
	title = {{CollabFuzz}: {A} {Framework} for {Collaborative} {Fuzzing}},
	url = {Paper=https://download.vusec.net/papers/collabfuzz_eurosec21.pdf Code=https://github.com/vusec/collabfuzz},
	booktitle = {{EuroSec}},
	author = {Österlund, Sebastian and Geretto, Elia and Jemmett, Andrea and Güler, Emre and Görz, Philipp and Holz, Thorsten and Giuffrida, Cristiano and Bos, Herbert},
	month = apr,
	year = {2021},
	keywords = {class\_testing, proj\_react, proj\_securecode, type\_csec, type\_paper, type\_workshop},
}

Who's Debugging the Debuggers? Exposing Debug Information Bugs in Optimized Binaries. Di Luna, G. A.; Italiano, D.; Massarelli, L.; Österlund, S.; Giuffrida, C.; and Querzoni, L. In ASPLOS, April 2021. Distinguished Paper Award

Who's Debugging the Debuggers? Exposing Debug Information Bugs in Optimized Binaries [pdf]

Paper link bibtex 111 downloads Artifact Evaluation Badges: Artifacts Functional

@inproceedings{di_luna_whos_2021,
	title = {Who's {Debugging} the {Debuggers}? {Exposing} {Debug} {Information} {Bugs} in {Optimized} {Binaries}},
	url = {https://download.vusec.net/papers/debug2_asplos21.pdf},
	booktitle = {{ASPLOS}},
	author = {Di Luna, Giuseppe Antonio and Italiano, Davide and Massarelli, Luca and Österlund, Sebastian and Giuffrida, Cristiano and Querzoni, Leonardo},
	month = apr,
	year = {2021},
	note = {Distinguished Paper Award},
	keywords = {artifacts:functional, artifacts:reproduced, class\_testing, proj\_react, proj\_securecode, type\_ae, type\_award, type\_conf, type\_paper, type\_tier1, type\_top},
}

SoC Security Evaluation: Reflections on Methodology and Tooling. Corteggiani, N.; Camurati, G.; Muench, M.; Poeplau, S.; and Francillon, A. IEEE Design & Test, 38(1): 7–13. February 2021.

SoC Security Evaluation: Reflections on Methodology and Tooling [pdf]

Paper doi link bibtex 14 downloads

@article{corteggiani_soc_2021,
	title = {{SoC} {Security} {Evaluation}: {Reflections} on {Methodology} and {Tooling}},
	volume = {38},
	issn = {2168-2356, 2168-2364},
	shorttitle = {{SoC} {Security} {Evaluation}},
	url = {https://www.eurecom.fr/publication/6307/download/sec-publi-6307.pdf},
	doi = {10.1109/MDAT.2020.3013827},
	number = {1},
	urldate = {2021-08-19},
	journal = {IEEE Design \& Test},
	author = {Corteggiani, Nassim and Camurati, Giovanni and Muench, Marius and Poeplau, Sebastian and Francillon, Aurelien},
	month = feb,
	year = {2021},
	keywords = {class\_binary, type\_journal, type\_paper},
	pages = {7--13},
}

Tricking Hardware into Efficiently Securing Software. Koning, K. Ph.D. Thesis, VU Amsterdam, January 2021.

Tricking Hardware into Efficiently Securing Software [pdf]

Thesis link bibtex 8 downloads

@phdthesis{koning_tricking_2021,
	type = {{PhD} {Thesis}},
	title = {Tricking {Hardware} into {Efficiently} {Securing} {Software}},
	url = {Thesis=https://research.vu.nl/ws/portalfiles/portal/120740500/983666.pdf},
	school = {VU Amsterdam},
	author = {Koning, Koen},
	month = jan,
	year = {2021},
	keywords = {class\_sanitizer, type\_thesis},
}

Automatically Eliminating Speculative Leaks from Cryptographic Code with Blade. Vassena, M.; Disselkoen, C.; von Gleissenthall, K.; Cauligi, S.; Ghokan Kici, R.; Jhala, R.; Tullsen, D.; and Stefan, D. In POPL, January 2021. Distinguished Paper Award

Automatically Eliminating Speculative Leaks from Cryptographic Code with Blade [pdf]

Paper

Automatically Eliminating Speculative Leaks from Cryptographic Code with Blade [link]

Code link bibtex 20 downloads

@inproceedings{vassena_automatically_2021,
	title = {Automatically {Eliminating} {Speculative} {Leaks} from {Cryptographic} {Code} with {Blade}},
	url = {Paper=http://goto.ucsd.edu/~gleissen/papers/blade.pdf Code=https://github.com/plsyssec/lucet-blade},
	booktitle = {{POPL}},
	author = {Vassena, Marco and Disselkoen, Craig and von Gleissenthall, Klaus and Cauligi, Sunjay and Ghokan Kici, Rami and Jhala, Ranjit and Tullsen, Dean and Stefan, Deian},
	month = jan,
	year = {2021},
	note = {Distinguished Paper Award},
	keywords = {class\_sidechannels, type\_award, type\_conf, type\_paper, type\_tier1, type\_top, verification},
}

Solver-Aided Constant-Time Hardware Verification. von Gleissenthall, K.; Gökhan Kici, R.; Stefan, D.; and Jhala, R. In CCS, November 2021.

Solver-Aided Constant-Time Hardware Verification [pdf]

Paper link bibtex 4 downloads

@inproceedings{von_gleissenthall_solver-aided_2021,
	title = {Solver-{Aided} {Constant}-{Time} {Hardware} {Verification}},
	url = {Paper=http://goto.ucsd.edu/~gleissen/papers/xenon.pdf},
	booktitle = {{CCS}},
	author = {von Gleissenthall, Klaus and Gökhan Kici, Rami and Stefan, Deian and Jhala, Ranjit},
	month = nov,
	year = {2021},
	keywords = {type\_conf, type\_paper, type\_tier1, type\_top, verification},
}

Theseus: Making Patching Happen. 2021. NWO (5 Years)

Paper link bibtex 11 downloads

@misc{noauthor_theseus_2021,
	title = {Theseus: {Making} {Patching} {Happen}},
	url = {https://www.vusec.net/funding/theseus},
	year = {2021},
	note = {NWO (5 Years)},
	keywords = {type\_grant, type\_nwo},
}

Vulcan: Forging Vulnerable Code to Fight Fire with Fire. van der Kouwe, E. 2021. NWO Veni (3 Years)
link bibtex

@misc{van_der_kouwe_vulcan_2021,
	title = {Vulcan: {Forging} {Vulnerable} {Code} to {Fight} {Fire} with {Fire}},
	author = {van der Kouwe, Erik},
	year = {2021},
	note = {NWO Veni (3 Years)},
	keywords = {type\_grant, type\_nwo},
}

2020 (18)

Cupid: Automatic Fuzzer Selection for Collaborative Fuzzing. Güler, E.; Görz, P.; Geretto, E.; Jemmett, A.; Österlund, S.; Bos, H.; Giuffrida, C.; and Holz, T. In ACSAC, December 2020.

Cupid: Automatic Fuzzer Selection for Collaborative Fuzzing [pdf]

Paper

Cupid: Automatic Fuzzer Selection for Collaborative Fuzzing [link]

Code link bibtex 69 downloads Artifact Evaluation Badges: Artifacts Reusable

@inproceedings{guler_cupid_2020,
	title = {Cupid: {Automatic} {Fuzzer} {Selection} for {Collaborative} {Fuzzing}},
	url = {Paper=https://download.vusec.net/papers/cupid_acsac20.pdf Code=https://github.com/RUB-SysSec/cupid},
	booktitle = {{ACSAC}},
	author = {Güler, Emre and Görz, Philipp and Geretto, Elia and Jemmett, Andrea and Österlund, Sebastian and Bos, Herbert and Giuffrida, Cristiano and Holz, Thorsten},
	month = dec,
	year = {2020},
	keywords = {artifacts:reusable, class\_testing, proj\_react, type\_ae, type\_conf, type\_csec, type\_paper, type\_top},
}

Speculative Probing: Hacking Blind in the Spectre Era. Goktas, E.; Razavi, K.; Portokalidis, G.; Bos, H.; and Giuffrida, C. In CCS, November 2020. Pwnie Award for Most Innovative Research

Speculative Probing: Hacking Blind in the Spectre Era [pdf]

Paper

Speculative Probing: Hacking Blind in the Spectre Era [link]

Web

Code

Press link bibtex 672 downloads

@inproceedings{goktas_speculative_2020,
	title = {Speculative {Probing}: {Hacking} {Blind} in the {Spectre} {Era}},
	url = {Paper=https://download.vusec.net/papers/blindside_ccs20.pdf Web=https://www.vusec.net/projects/blindside Code=https://github.com/vusec/blindside Press=https://bit.ly/3c4MkhU},
	booktitle = {{CCS}},
	author = {Goktas, Enes and Razavi, Kaveh and Portokalidis, Georgios and Bos, Herbert and Giuffrida, Cristiano},
	month = nov,
	year = {2020},
	note = {Pwnie Award for Most Innovative Research},
	keywords = {class\_sidechannels, proj\_offcore, proj\_panta, proj\_panta\_list, proj\_react, proj\_unicore, type\_award, type\_conf, type\_csec, type\_paper, type\_press, type\_tier1, type\_top},
}

How to Keep Your Memory Safe and Your Software Fast. Kroes, T. Ph.D. Thesis, VU Amsterdam, September 2020.

How to Keep Your Memory Safe and Your Software Fast [link]

Thesis link bibtex 8 downloads

@phdthesis{kroes_how_2020,
	type = {{PhD} {Thesis}},
	title = {How to {Keep} {Your} {Memory} {Safe} and {Your} {Software} {Fast}},
	url = {Thesis=https://research.vu.nl/en/publications/how-to-keep-your-memory-safe-and-your-software-fast},
	school = {VU Amsterdam},
	author = {Kroes, Taddeus},
	month = sep,
	year = {2020},
	keywords = {class\_sanitizer, type\_thesis},
}

SecurePay: Strengthening Two-Factor Authentication for Arbitrary Transactions. Konoth, R. K.; Fischer, B.; Fokkink, W.; Athanasopoulos, E.; Razavi, K.; and Bos, H. In EuroS&P, September 2020. Best Paper Award

SecurePay: Strengthening Two-Factor Authentication for Arbitrary Transactions [pdf]

Paper link bibtex 92 downloads

@inproceedings{konoth_securepay_2020,
	title = {{SecurePay}: {Strengthening} {Two}-{Factor} {Authentication} for {Arbitrary} {Transactions}},
	url = {https://download.vusec.net/papers/securepay_eurosp20.pdf},
	booktitle = {{EuroS}\&{P}},
	author = {Konoth, Radhesh Krishnan and Fischer, Bjorn and Fokkink, Wan and Athanasopoulos, Elias and Razavi, Kaveh and Bos, Herbert},
	month = sep,
	year = {2020},
	note = {Best Paper Award},
	keywords = {class\_mobile, type\_conf, type\_paper},
}

TagBleed: Breaking KASLR on the Isolated Kernel Address Space Using Tagged TLBs. Koschel, J.; Giuffrida, C.; Bos, H.; and Razavi, K. In EuroS&P, September 2020.

TagBleed: Breaking KASLR on the Isolated Kernel Address Space Using Tagged TLBs [pdf]

Paper link bibtex 39 downloads

@inproceedings{koschel_tagbleed_2020,
	title = {{TagBleed}: {Breaking} {KASLR} on the {Isolated} {Kernel} {Address} {Space} {Using} {Tagged} {TLBs}},
	url = {https://download.vusec.net/papers/tagbleed_eurosp20.pdf},
	booktitle = {{EuroS}\&{P}},
	author = {Koschel, Jakob and Giuffrida, Cristiano and Bos, Herbert and Razavi, Kaveh},
	month = sep,
	year = {2020},
	keywords = {class\_sidechannels, proj\_offcore, proj\_panta, proj\_react, proj\_unicore, type\_conf, type\_paper, type\_top},
}

ParmeSan: Sanitizer-guided Greybox Fuzzing. Österlund, S.; Razavi, K.; Bos, H.; and Giuffrida, C. In USENIX Security, August 2020.

ParmeSan: Sanitizer-guided Greybox Fuzzing [pdf]

Paper

ParmeSan: Sanitizer-guided Greybox Fuzzing [link]

Code link bibtex 78 downloads

@inproceedings{osterlund_parmesan_2020,
	title = {{ParmeSan}: {Sanitizer}-guided {Greybox} {Fuzzing}},
	url = {Paper=https://download.vusec.net/papers/parmesan_sec20.pdf Code=https://github.com/vusec/parmesan},
	booktitle = {{USENIX} {Security}},
	author = {Österlund, Sebastian and Razavi, Kaveh and Bos, Herbert and Giuffrida, Cristiano},
	month = aug,
	year = {2020},
	keywords = {class\_testing, proj\_binrec, proj\_panta, proj\_react, proj\_securecode, proj\_vici, type\_conf, type\_paper, type\_tier1, type\_top},
}

Vulnerable by Design: Mitigating Design Flaws in Hardware and Software. Konoth, R. K. Ph.D. Thesis, VU Amsterdam, July 2020.

Vulnerable by Design: Mitigating Design Flaws in Hardware and Software [pdf]

Thesis link bibtex 12 downloads

@phdthesis{konoth_vulnerable_2020,
	type = {{PhD} {Thesis}},
	title = {Vulnerable by {Design}:  {Mitigating} {Design} {Flaws} in {Hardware} and {Software}},
	url = {Thesis=https://download.vusec.net/papers/konoth_thesis.pdf},
	school = {VU Amsterdam},
	author = {Konoth, Radhesh Krishnan},
	month = jul,
	year = {2020},
	keywords = {class\_rowhammer, type\_thesis},
}

Towards Constant-Time Foundations for the New Spectre Era. Cauligi, S.; Disselkoen, C.; von Gleissenthall, K.; Tullsen, D.; Stefan, D.; Rezk, T.; and Barthe, G. In PLDI, June 2020.

Towards Constant-Time Foundations for the New Spectre Era [pdf]

Paper

Towards Constant-Time Foundations for the New Spectre Era [link]

Code link bibtex 4 downloads

@inproceedings{cauligi_towards_2020,
	title = {Towards {Constant}-{Time} {Foundations} for the {New} {Spectre} {Era}},
	url = {Paper=http://goto.ucsd.edu/~gleissen/papers/spectre-semantics.pdf Code=https://pitchfork.programming.systems/},
	booktitle = {{PLDI}},
	author = {Cauligi, Sunjay and Disselkoen, Craig and von Gleissenthall, Klaus and Tullsen, Dean and Stefan, Deian and Rezk, Tamara and Barthe, Gilles},
	month = jun,
	year = {2020},
	keywords = {class\_sidechannels, type\_conf, type\_paper, type\_tier1, type\_top, verification},
}

SRBDS (CrossTalk) Vulnerability. Ragab, H.; Milburn, A.; Razavi, K.; Bos, H.; and Giuffrida, C. June 2020. Affected Vendors: Intel (Bounty Reward), SW Vendors

Web

CVE-2020-0543 (Intel) link bibtex 2 downloads

@misc{ragab_srbds_2020,
	title = {{SRBDS} ({CrossTalk}) {Vulnerability}},
	url = {Web=https://www.vusec.net/projects/crosstalk CVE-2020-0543_(Intel)=https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0543},
	author = {Ragab, Hany and Milburn, Alyssa and Razavi, Kaveh and Bos, Herbert and Giuffrida, Cristiano},
	month = jun,
	year = {2020},
	note = {Affected Vendors: Intel (Bounty Reward), SW Vendors},
	keywords = {type\_cve},
}

NetCAT: Practical Cache Attacks from the Network. Kurth, M.; Gras, B.; Andriesse, D.; Giuffrida, C.; Bos, H.; and Razavi, K. In S&P, May 2020. Intel Bounty Reward, Pwnie Award Nomination for Most Innovative Research

NetCAT: Practical Cache Attacks from the Network [pdf]

Paper

Slides

NetCAT: Practical Cache Attacks from the Network [link]

Web

Press link bibtex 367 downloads

@inproceedings{kurth_netcat_2020,
	title = {{NetCAT}: {Practical} {Cache} {Attacks} from the {Network}},
	url = {Paper=https://download.vusec.net/papers/netcat_sp20.pdf Slides=https://download.vusec.net/slides/netcat_sp20.pdf Web=https://www.vusec.net/projects/netcat Press=https://bit.ly/2LULskB},
	booktitle = {S\&{P}},
	author = {Kurth, Michael and Gras, Ben and Andriesse, Dennis and Giuffrida, Cristiano and Bos, Herbert and Razavi, Kaveh},
	month = may,
	year = {2020},
	note = {Intel Bounty Reward, Pwnie Award Nomination for Most Innovative Research},
	keywords = {class\_sidechannels, proj\_offcore, proj\_panta, proj\_react, proj\_unicore, proj\_vici, type\_award, type\_bounty, type\_conf, type\_csec, type\_cve\_assigned, type\_mscthesis, type\_paper, type\_press, type\_tier1, type\_top},
}

TRRespass: Exploiting the Many Sides of Target Row Refresh. Frigo, P.; Vannacci, E.; Hassan, H.; van der Veen, V.; Mutlu, O.; Giuffrida, C.; Bos, H.; and Razavi, K. In S&P, May 2020. Best Paper Award, Pwnie Award for Most Innovative Research, IEEE Micro Top Picks Honorable Mention, DCSR Paper Award

TRRespass: Exploiting the Many Sides of Target Row Refresh [pdf]

Paper

Slides

TRRespass: Exploiting the Many Sides of Target Row Refresh [link]

Web

Code

Press link bibtex 854 downloads

@inproceedings{frigo_trrespass_2020,
	title = {{TRRespass}: {Exploiting} the {Many} {Sides} of {Target} {Row} {Refresh}},
	url = {Paper=https://download.vusec.net/papers/trrespass_sp20.pdf Slides=https://download.vusec.net/slides/trrespass_sp20.pdf Web=https://www.vusec.net/projects/trrespass Code=https://github.com/vusec/trrespass Press=https://bit.ly/2UXWKJ4},
	booktitle = {S\&{P}},
	author = {Frigo, Pietro and Vannacci, Emanuele and Hassan, Hasan and van der Veen, Victor and Mutlu, Onur and Giuffrida, Cristiano and Bos, Herbert and Razavi, Kaveh},
	month = may,
	year = {2020},
	note = {Best Paper Award, Pwnie Award for Most Innovative Research, IEEE Micro Top Picks Honorable Mention, DCSR Paper Award},
	keywords = {class\_rowhammer, proj\_offcore, proj\_panta, proj\_react, proj\_unicore, proj\_vici, type\_award, type\_conf, type\_cve\_assigned, type\_paper, type\_press, type\_tier1, type\_top},
}

Benchmarking Flaws Undermine Security Research. Van Der Kouwe, E.; Heiser, G.; Andriesse, D.; Bos, H.; and Giuffrida, C. IEEE S&P Magazine, 18(3): 48–57. May 2020.

Benchmarking Flaws Undermine Security Research [pdf]

Paper

Benchmarking Flaws Undermine Security Research [link]

Web

Press link bibtex 12 downloads

@article{van_der_kouwe_benchmarking_2020,
	title = {Benchmarking {Flaws} {Undermine} {Security} {Research}},
	volume = {18},
	url = {Paper=https://download.vusec.net/papers/benchmarking_sp20.pdf Web=https://www.vusec.net/projects/benchmarking-crimes Press=https://bit.ly/3knxXIk},
	number = {3},
	journal = {IEEE S\&P Magazine},
	author = {Van Der Kouwe, Erik and Heiser, Gernot and Andriesse, Dennis and Bos, Herbert and Giuffrida, Cristiano},
	month = may,
	year = {2020},
	keywords = {class\_sanitizer, class\_sok, proj\_binrec, proj\_panta, proj\_react, proj\_securecode, proj\_unicore, proj\_vici, type\_csec, type\_mag, type\_paper},
	pages = {48--57},
}

PANDAcap: A Framework for Streamlining Collection of Full-System Traces. Stamatogiannakis, M.; Bos, H.; and Groth, P. In EuroSec, April 2020.

PANDAcap: A Framework for Streamlining Collection of Full-System Traces [pdf]

Paper

Slides

PANDAcap: A Framework for Streamlining Collection of Full-System Traces [link]

Code link bibtex 41 downloads

@inproceedings{stamatogiannakis_pandacap_2020,
	title = {{PANDAcap}: {A} {Framework} for {Streamlining} {Collection} of {Full}-{System} {Traces}},
	url = {Paper=https://download.vusec.net/papers/pandacap-eurosec20.pdf Slides=https://download.vusec.net/slides/pandacap-eurosec20.pdf Code=https://github.com/vusec/pandacap},
	booktitle = {{EuroSec}},
	author = {Stamatogiannakis, Manolis and Bos, Herbert and Groth, Paul},
	month = apr,
	year = {2020},
	keywords = {PANDA, class\_provenance, dataset, docker, framework, honeypot, record and replay, type\_paper, type\_workshop},
}

BinRec: Dynamic Binary Lifting and Recompilation. Altinay, A.; Nash, J.; Kroes, T.; Rajasekaran, P.; Zhou, D.; Dabrowski, A.; Gens, D.; Na, Y.; Volckaert, S.; Giuffrida, C.; Bos, H.; and Franz, M. In EuroSys, April 2020.

BinRec: Dynamic Binary Lifting and Recompilation [pdf]

Paper

BinRec: Dynamic Binary Lifting and Recompilation [link]

Code link bibtex 88 downloads

@inproceedings{altinay_binrec_2020,
	title = {{BinRec}: {Dynamic} {Binary} {Lifting} and {Recompilation}},
	url = {Paper=https://download.vusec.net/papers/binrec_eurosys20.pdf Code=https://github.com/securesystemslab/BinRec},
	booktitle = {{EuroSys}},
	author = {Altinay, Anil and Nash, Joseph and Kroes, Taddeus and Rajasekaran, Prabhu and Zhou, Dixin and Dabrowski, Adrian and Gens, David and Na, Yeoul and Volckaert, Stijn and Giuffrida, Cristiano and Bos, Herbert and Franz, Michael},
	month = apr,
	year = {2020},
	keywords = {class\_binary, proj\_binrec, proj\_vici, type\_conf, type\_paper, type\_tier1, type\_top},
}

TRRespass Vulnerability. Frigo, P.; Vannacci, E.; Hassan, H.; van der Veen, V.; Mutlu, O.; Giuffrida, C.; Bos, H.; and Razavi, K. March 2020. Affected Vendors: Micron, Samsung, SK Hynix, SW Vendors

Web

CVE-2020-10255 link bibtex

@misc{frigo_trrespass_2020-1,
	title = {{TRRespass} {Vulnerability}},
	url = {Web=https://www.vusec.net/projects/trrespass CVE-2020-10255=https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10255},
	author = {Frigo, Pietro and Vannacci, Emanuele and Hassan, Hasan and van der Veen, Victor and Mutlu, Onur and Giuffrida, Cristiano and Bos, Herbert and Razavi, Kaveh},
	month = mar,
	year = {2020},
	note = {Affected Vendors: Micron, Samsung, 
SK Hynix, SW Vendors},
	keywords = {type\_cve},
}

ABSynthe: Automatic Blackbox Side-channel Synthesis on Commodity Microarchitectures. Gras, B.; Giuffrida, C.; Kurth, M.; Bos, H.; and Razavi, K. In NDSS, February 2020.

ABSynthe: Automatic Blackbox Side-channel Synthesis on Commodity Microarchitectures [pdf]

Paper link bibtex 65 downloads

@inproceedings{gras_absynthe_2020,
	title = {{ABSynthe}: {Automatic} {Blackbox} {Side}-channel {Synthesis} on {Commodity} {Microarchitectures}},
	url = {https://download.vusec.net/papers/absynthe_ndss20.pdf},
	booktitle = {{NDSS}},
	author = {Gras, Ben and Giuffrida, Cristiano and Kurth, Michael and Bos, Herbert and Razavi, Kaveh},
	month = feb,
	year = {2020},
	keywords = {class\_sidechannels, proj\_offcore, proj\_panta, proj\_react, proj\_unicore, proj\_vici, type\_conf, type\_paper, type\_tier1, type\_top},
}

Computing Device with Increased Resistance Against Rowhammer Attacks. Konoth, R. K.; Tatar, A.; Oliverio, M.; Andriesse, D.; Bos, H.; Giuffrida, C.; and Razavi, K. January 2020.

Computing Device with Increased Resistance Against Rowhammer Attacks [link]

Paper link bibtex 5 downloads

@patent{konoth_computing_2020,
	title = {Computing {Device} with {Increased} {Resistance} {Against} {Rowhammer} {Attacks}},
	url = {https://patents.google.com/patent/US20200012600A1/en},
	nationality = {US},
	assignee = {Koninklijke Philips NV},
	number = {US20200012600A1},
	author = {Konoth, Radesh Krishnan and Tatar, Andrei and Oliverio, Marco and Andriesse, Dennis and Bos, Herbert and Giuffrida, Cristiano and Razavi, Kaveh},
	month = jan,
	year = {2020},
	keywords = {class\_rowhammer, memory, operating, page, proj\_protasis, proj\_react, proj\_unicore, proj\_vici, region, type\_patent, unsafe},
}

VMware Early Career Faculty Grant. Giuffrida, C. 2020. VMWare (1 Year)
link bibtex

@misc{giuffrida_vmware_2020,
	title = {{VMware} {Early} {Career} {Faculty} {Grant}},
	author = {Giuffrida, Cristiano},
	year = {2020},
	note = {VMWare (1 Year)},
	keywords = {type\_grant, type\_industry},
}

2019 (6)

VPS: Excavating High-Level C++ Constructs from Low-Level Binaries to Protect Dynamic Dispatching. Pawlowski, A.; van der Veen, V.; Andriesse, D.; van der Kouwe, E.; Holz, T.; Giuffrida, C.; and Bos, H. In ACSAC, December 2019.

VPS: Excavating High-Level C++ Constructs from Low-Level Binaries to Protect Dynamic Dispatching [pdf]

Paper link bibtex 10 downloads

@inproceedings{pawlowski_vps_2019,
	title = {{VPS}: {Excavating} {High}-{Level} {C}++ {Constructs} from {Low}-{Level} {Binaries} to {Protect} {Dynamic} {Dispatching}},
	url = {https://download.vusec.net/papers/vps_acsac19.pdf},
	booktitle = {{ACSAC}},
	author = {Pawlowski, Andre and van der Veen, Victor and Andriesse, Dennis and van der Kouwe, Erik and Holz, Thorsten and Giuffrida, Cristiano and Bos, Herbert},
	month = dec,
	year = {2019},
	keywords = {class\_armor, proj\_binrec, proj\_react, proj\_unicore, type\_conf, type\_csec, type\_paper, type\_top},
}

When Memory Serves not so Well: Memory Errors 30 Years Late. van der Veen, V. Ph.D. Thesis, VU Amsterdam, October 2019. EuroSys Roger Needham PhD Award, SIGSAC Doctoral Dissertation Award, William C. Carter PhD Dissertation Award

When Memory Serves not so Well: Memory Errors 30 Years Late [pdf]

Thesis link bibtex 2 downloads

@phdthesis{van_der_veen_when_2019,
	type = {{PhD} {Thesis}},
	title = {When {Memory} {Serves} not so {Well}: {Memory} {Errors} 30 {Years} {Late}},
	url = {Thesis=https://vvdveen.com/publications/dissertation.pdf},
	school = {VU Amsterdam},
	author = {van der Veen, Victor},
	month = oct,
	year = {2019},
	note = {EuroSys Roger Needham PhD Award, SIGSAC Doctoral Dissertation Award, William C. Carter PhD Dissertation Award},
	keywords = {class\_binary, type\_award, type\_thesis, type\_thesis\_award},
}

Between a Hard and a Soft Place: The (In)secure Interplay of Hardware and software. Cojocar, L. Ph.D. Thesis, VU Amsterdam, September 2019.

Between a Hard and a Soft Place: The (In)secure Interplay of Hardware and software [pdf]

Thesis link bibtex

@phdthesis{cojocar_between_2019,
	type = {{PhD} {Thesis}},
	title = {Between a {Hard} and a {Soft} {Place}: {The} ({In})secure {Interplay} of {Hardware} and software},
	url = {Thesis=https://research.vu.nl/ws/portalfiles/portal/86672930/complete+dissertation.pdf},
	school = {VU Amsterdam},
	author = {Cojocar, Lucian},
	month = sep,
	year = {2019},
	keywords = {class\_binary, type\_thesis},
}

NetCAT Vulnerability. Kurth, M.; Gras, B.; Andriesse, D.; Giuffrida, C.; Bos, H.; and Razavi, K. September 2019. Affected Vendors: Intel (Bounty Reward), SW Vendors

Web

CVE-2019-11184 link bibtex

@misc{kurth_netcat_2019,
	title = {{NetCAT} {Vulnerability}},
	url = {Web=https://www.vusec.net/projects/netcat CVE-2019-11184=https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11184},
	author = {Kurth, Michael and Gras, Ben and Andriesse, Dennis and Giuffrida, Cristiano and Bos, Herbert and Razavi, Kaveh},
	month = sep,
	year = {2019},
	note = {Affected Vendors: Intel (Bounty Reward), SW Vendors},
	keywords = {type\_cve},
}

IODINE: Verifying Constant-Time Execution of Hardware. von Gleissenthall, K.; Gokhan Kici, R.; Stefan, D.; and Jhala, R. In USENIX Security, August 2019.

IODINE: Verifying Constant-Time Execution of Hardware [pdf]

Paper

IODINE: Verifying Constant-Time Execution of Hardware [link]

Code

Slides link bibtex 5 downloads

@inproceedings{von_gleissenthall_iodine_2019,
	title = {{IODINE}: {Verifying} {Constant}-{Time} {Execution} of {Hardware}},
	url = {Paper=http://goto.ucsd.edu/~gleissen/papers/iodine.pdf Code=https://github.com/gokhankici/iodine Slides=http://goto.ucsd.edu/~gleissen/papers/iodine-slides.pdf},
	booktitle = {{USENIX} {Security}},
	author = {von Gleissenthall, Klaus and Gokhan Kici, Rami and Stefan, Deian and Jhala, Ranjit},
	month = aug,
	year = {2019},
	keywords = {type\_conf, type\_paper, type\_tier1, type\_top, verification},
}

Terminal Brain Damage: Exposing the Graceless Degradation in Deep Neural Networks Under Hardware Fault Attacks. Hong, S.; Frigo, P.; Kaya, Y.; Giuffrida, C.; and Dumitras, T. In USENIX Security, August 2019.

Terminal Brain Damage: Exposing the Graceless Degradation in Deep Neural Networks Under Hardware Fault Attacks [pdf]

Paper link bibtex 14 downloads

@inproceedings{hong_terminal_2019,
	title = {Terminal {Brain} {Damage}: {Exposing} the {Graceless} {Degradation} in {Deep} {Neural} {Networks} {Under} {Hardware} {Fault} {Attacks}},
	url = {https://download.vusec.net/papers/deephammer_sec19.pdf},
	booktitle = {{USENIX} {Security}},
	author = {Hong, Sanghyun and Frigo, Pietro and Kaya, Yigitcan and Giuffrida, Cristiano and Dumitras, Tudor},
	month = aug,
	year = {2019},
	keywords = {class\_rowhammer, proj\_panta, proj\_panta\_list, proj\_react, proj\_unicore, type\_conf, type\_paper, type\_tier1, type\_top},
}