Christian Kreibich

Learn More
The open nature of Internet services has been of great value to users, enabling dramatic innovation and evolution of services. However, this openness permits many abuses of open-access Internet services such as web, email, and DNS. To counteract such abuses, a number of so called proof-of-work schemes have been proposed. They aim to prevent or limit such(More)
Despite our growing reliance on mobile phones for a wide range of daily tasks, we remain largely in the dark about the operation and performance of our devices, including how (or whether) they protect the information we entrust to them, and with whom they share it. The absence of easy, device-local access to the traffic of our mobile phones presents a(More)
  • Pongsin Poosankam, Dawn Song, Frank Berkeley, André Pfenning, David Platzer, Stephen Brumley +36 others
  • 2013
Concolic execution is a technique for program analysis that makes the values of certain inputs symbolic, symbolically executes a program's code, and computes a symbolic logical formula to represent a desired behavior of the program under analysis. The computed formula is then solved by a decision procedure to determine whether the desired behavior is(More)
Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors or originators and do not necessarily reflect the views of the National Science Foundation. We are deeply grateful to the Netalyzr users for enabling this study and to our beta testers for the insightful comments and feedback. We would particularly(More)
— The Internet is currently lacking an infrastructure that automates the distribution of new vulnerability knowledge to organisations and the (semi-)automated implementation of this knowledge within organisations. In this paper, we present an architecture that achieves this, the major challenges and ways to address them, and the implications of such an(More)
In this work we undertake the creation of a framework for testing the degree to which network intrusion detection systems (NIDS) detect and handle evasion attacks. Our prototype system, idsprobe, takes as input a packet trace and from it constructs a configurable set of variant traces that introduce different forms of ambiguities that can lead to evasions.(More)
  • 1