• Publications
  • Influence
VUzzer: Application-aware Evolutionary Fuzzing
We present an application - aware evolutionary fuzzing strategy that does not require any prior knowledge of the application or input format . Expand
Out of Control: Overcoming Control-Flow Integrity
As existing defenses like ASLR, DEP, and stack cookies are not sufficient to stop determined attackers from exploiting our software, interest in Control Flow Integrity (CFI) is growing. In its idealExpand
Practical Context-Sensitive CFI
We present PathArmor, a binary-level CCFI implementation which tracks paths to sensitive program states, and defines the set of valid control edges within the state context to yield higher precision than existing CFI implementations. Expand
Drammer: Deterministic Rowhammer Attacks on Mobile Platforms
We show that deterministic Rowhammer attacks are feasible on commodity mobile platforms and that they cannot be mitigated by current defenses. Expand
RIDL: Rogue In-Flight Data Load
We present Rogue In-flight Data Load (RIDL), a new class of speculative unprivileged and constrained attacks to leak arbitrary data across address spaces and privilege boundaries (e.g., process, kernel, SGX, and even CPU-internal operations). Expand
Translation Leak-aside Buffer: Defeating Cache Side-channel Protections with TLB Attacks
We show for the first time that hardware translation lookaside buffers can be abused to leak fine-grained information about a victim's activity even when CPU cache activity is guarded by state-of-the-art cache side-channel protections, such as CAT and TSX. Expand
Paranoid Android: versatile protection for smartphones
We propose an alternative solution, where security checks are applied on remote security servers that host exact replicas of the phones in virtual environments, allowing us to apply multiple detection techniques simultaneously. Expand
Argos: an emulator for fingerprinting zero-day attacks for advertised honeypots with automatic signature generation
We present Argos, a fast x86 emulator which tracks network data throughout execution to identify their invalid use as jump targets, function addresses, instructions, etc. Expand
ASLR on the Line: Practical Cache Attacks on the MMU
Address space layout randomization (ASLR) is an important first line of defense against memory corruption attacks and a building block for many modern countermeasures. Expand
A Tough Call: Mitigating Advanced Code-Reuse Attacks at the Binary Level
In this paper, we propose binary-level analysis techniques to significantly reduce the number of possible targets for indirect control flow transfers on the forward edge. Expand