Peer-to-Peer Botnets: Overview and Case Study
TLDR
We present an overview of peer-to-peer botnets and a case study of a Kademlia-based Trojan.Peacomm bot.
  • 420
  • 33
Rosemary: A Robust, Secure, and High-performance Network Operating System
TLDR
We present the ROSEMARY controller, which implements a network application containment and resilience strategy based around the notion of spawning applications independently within a micro-NOS, all designed to prevent common failures of network applications from halting operation of the SDN Stack.
  • 202
  • 18
OpenSGX: An Open Platform for SGX Research
TLDR
We develop a fully functional, instruction-compatible emulator of Intel SGX for enabling the exploration of software/hardware design space, and development of enclave programs.
  • 65
  • 9
Hacking in Darkness: Return-oriented Programming against Secure Enclaves
TLDR
We demonstrate a practical exploitation technique, called Dark-ROP, which can completely disarm the security guarantees of SGX.
  • 75
  • 7
ATRA: Address Translation Redirection Attack against Hardware-based External Monitors
TLDR
We introduce the design and implementation of Address Translation Redirection Attack (ATRA) that enables complete evasion of the hardware-based external monitor that anchors its trust on a separate processor.
  • 29
  • 7
Vigilare: toward snoop-based kernel integrity monitor
TLDR
In this paper, we present Vigilare system, a kernel integrity monitor that is architected to snoop the bus traffic of the host system from a separate independent hardware.
  • 77
  • 5
KI-Mon ARM: A Hardware-Assisted Event-triggered Monitoring Platform for Mutable Kernel Object
TLDR
External hardware-based kernel integrity monitors have been proposed to mitigate kernel-level malwares.
  • 43
  • 5
DoubleGuard: Detecting Intrusions in Multitier Web Applications
TLDR
In this paper, we present DoubleGuard, an IDS system that models the network behavior of user sessions across both the front-end webserver and the back-end database.
  • 78
  • 5
The waledac protocol: The how and why
TLDR
This paper explains the various aspects of the Waledac botnet infrastructures to give defenders a better understanding of the botnet in order to protect themselves and others.
  • 80
  • 4
Tumbling Down the Rabbit Hole: Exploring the Idiosyncrasies of Botmaster Systems in a Multi-Tier Botnet Infrastructure
TLDR
In this paper we advance the understanding of botmaster-owned systems in an advanced botnet, Waledac, through the analysis of file-system and network trace data from the upper-tiers in its architecture.
  • 32
  • 4