Learn More
Prior work has shown that return oriented programming (ROP) can be used to bypass W⊕X, a software defense that stops shellcode, by reusing instructions from large libraries such as libc. Modern operating systems have since enabled address randomization (ASLR), which ran-domizes the location of libc, making these techniques unusable in practice. However,(More)
There are many security tools and techniques for analyzing software, but many of them require access to source code. We propose leveraging decompilation, the study of recovering abstractions from compiled code, to apply existing source-based tools and techniques to compiled programs. A decompiler should focus on two properties to be used for security.(More)
Most simulation models for data communication networks encompass hundreds of parameters that can each take on millions of values. Such models are difficult to understand, parameterize and investigate. This paper explains how to model a modern data communication network concisely, using only 20 parameters. Further, the paper demonstrates how this concise(More)
We propose, develop, and implement techniques for achieving contractual anonymity. In contractual anonymity , a user and service provider enter into an anonymity contract. The user is guaranteed anonymity and message unlinkability from the contractual anonymity system unless she breaks the contract. The service provider is guaranteed that it can identify(More)
Software vulnerabilities originating from design decisions are hard to find early and time consuming to fix later. We investigated whether the problematic design decisions themselves might be relatively easier to find, based on the concept of " technical debt, " i.e., design or implementation constructs that are expedient in the short term but make future(More)
  • 1