grsecurity/PaX Citations in Academic Research

2001 - 2018

  1. Gran: model checking grsecurity RBAC policies, 2012
  2. Granalyze: towards the automatic verification of Grsecurity RBAC policies, 2014
  3. Microsoft Research - RandSys: Thwarting Code Injection Attacks with System Service Interface Randomization, 2007
  4. Microsoft Research - Data Randomization, 2008
  5. Microsoft Research - Control-flow integrity, 2005
  6. StackGhost: Hardware Facilitated Stack Protection, 2001
  7. A Decade of Linux Kernel Vulnerabilities, their Mitigation and Open Problems, 2018
  8. Secure program execution via dynamic information flow tracking, 2006
  9. Type-Assisted Dynamic Buffer Overflow Detection, 2002
  10. Address obfuscation: An efficient approach to combat a broad range of memory error exploits, 2003
  11. Protecting global and static variables from buffer overflow attacks without overhead, 2006
  12. Context Sensitive Anomaly Monitoring of Process Control Flow to Detect Mimicry Attacks and Impossible Paths, 2004
  13. A Methodology for Designing Countermeasures Against Current and Future Code Injection Attacks, 2005
  14. e-nexsh: Achieving an effectively non-executable stack and heap via system-call policing, 2005
  15. Stackguard: Simple smash stack protection for GCC, 2003
  16. Run-time detection of heap-based overflows, 2003
  17. Avoiding Buffer Overflows and Related Problems, 2004
  18. Server Protection through Dynamic Patching, 2005
  19. SELinux and grsecurity: A Side-by-Size Comparison of Mandatory Access Control and Access Control List Implementations, 2003
  20. SELinux and grsecurity: A Case Study Comparing Linux Security Kernel Enhancements, 2003
  21. RSBAC-a framework for enhanced Linux system security, 2005
  22. Secure computing: SELinux, 2007
  23. Attacking Signed Binaries, 2005
  24. Distributed control enabling consistent MAC policies and IDS based on a meta-policy approach, 2006
  25. Formalisation et garantie de propriétés de sécurité système: application à la détection d'intrusions, 2007
  26. Securing a Linux-based Multi-User Web Server, 2006
  27. Exploiting 802.11 Wireless Driver Vulnerabilities on Windows, 2006
  28. Détection D'intrusion Orientée Méta-Politique, 2005
  29. Abstract Efficient Techniques for Comprehensive Protection from Memory Error Exploits, 2005
  30. Predicting Security Vulnerabilities from Function Calls, 2007
  31. ARMORY: An auxiliary testing tool for automatic buffer overflow vulnerability detection, 2008
  32. Next generation debuggers for reverse engineering, 2007
  33. Centralized security policy support for virtual machine, 2006
  34. Secure remote management and software distribution for wireless mesh networks, 2007
  35. Attack-Redirector: A Server Protection and Honeypot Bait System, 2008
  36. A novel approach for distributed updates of MAC policies using a meta-protection framework, 2004
  37. A Linux Implementation of Temporal Access Controls, 2007
  38. FormatShield: A Binary Rewriting Defense against Format String Attacks, 2008
  39. Playing with ptrace() for fun and profit, 2006
  40. Increasing Information Security with Mandatory Access Controls in the Operating System, 2006
  41. Address Space Layout Permutation: Increasing Resistance to Memory Corruption Attacks, 2005
  42. Automatic Synthesis of Filters to Discard Buffer Overflow Attacks: A Step Towards Realizing Self-Healing Systems, 2005
  43. On the effectiveness of address-space randomization, 2004
  44. Collaboration between MAC Policies and IDS based on a Meta-Policy approach, 2006
  45. An Architectural Approach to Preventing Code Injection Attacks, 2007
  46. Alternative Xbox copy protection designs, 2005
  47. Software Security through Targeted Diversification, 2007
  48. Code Injection Attacks on Harvard-Architecture Devices, 2008
  49. When good instructions go bad: generalizing return-oriented programming to RISC, 2008
  50. Covert Debugging Circumventing Software Armoring Techniques, 2007
  51. Buffer Overflow Vulnerabilities: Exploits and Defensive Techniques, 2004
  52. Multi-variant Program Execution: Using Multi-core Systems to Defuse Buffer-Overflow Vulnerabilities, 2008
  53. The FOREVER service for fault/intrusion removal, 2008
  54. Detection and Subversion of Virtual Machines, 2006
  55. Persistence in dynamic code transformation systems, 2005
  56. Panel: The Future of Biologically-Inspired Security: Is There Anything Left to Learn?, 2007
  57. Improved Network Security and Disguising TCP/IP Fingerprint through Dynamic Stack Modification, 2005
  58. Corruption de la Memoire lors de l'Exploitation, 2006
  59. Defeating memory corruption attacks via pointer taintedness detection, 2005
  60. Immunology, diversity, and homeostasis: The past and future of biologically inspired computer defenses, 2007
  61. Insecure Context Switching: Inoculating regular expressions for survivability, 2008
  62. Ensuring secure program execution in multiprocessor embedded systems: a case study, 2007
  63. Defeating Compiler-Level Buffer Overflow Protection, 2006
  64. Reverse Stack Execution, 2007
  65. Secure and practical defense against code-injection attacks using software dynamic translation, 2006
  66. Omniunpack: Fast, generic, and safe unpacking of malware, 2007
  67. Prevention of code-injection attacks by encrypting system call arguments, 2006
  68. Non-control-data attacks are realistic threats, 2005
  69. Combating Memory Corruption Attacks On Scada Devices, 2008
  70. Address-space randomization for Windows systems, 2006
  71. DieHard: Probabilistic memory safety for unsafe languages, 2006
  72. Secure Bit: Transparent, Hardware Buffer-Overflow Protection, 2006
  73. Improving address space randomization with a dynamic offset randomization technique, 2006
  74. x86-64 buffer overflow exploits and the borrowed code chunks exploitation technique, 2005
  75. Known/chosen key attacks against software instruction set randomization, 2006
  76. A Survey of Randomization Techniques Against Common Mode Attacks, 2005
  77. An immune system inspired approach for protection from repetitive attacks, 2005
  78. Efficient protection against heap-based buffer overflows without resorting to magic, 2006
  79. Resilient Intrusion Tolerance through Proactive and Reactive Recovery, 2007
  80. Virtual machine-provided context sensitive page mappings, 2008
  81. Persistent code caching: Exploiting code reuse across executions and applications, 2007
  82. The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86), 2007
  83. ARCHERR: Runtime environment driven program safety, 2004
  84. Foreign Code Detection on the Windows/X86 Platform, 2006
  85. Where's the FEEB?: The effectiveness of instruction set randomization, 2005
  86. Efficient techniques for comprehensive protection from memory error exploits, 2005
  87. Exterminator: Automatically correcting memory errors with high probability, 2007
  88. Automatic diagnosis and response to memory corruption vulnerabilities, 2005
  89. Data space randomization, 2008
  90. The Evolution of System-Call Monitoring, 2008
  91. MemSherlock: an automated debugger for unknown memory corruption vulnerabilities, 2007
  92. DIRA: Automatic Detection, Identification, and Repair of Control-Hijacking Attacks, 2004
  93. A practical mimicry attack against powerful system-call monitors, 2008
  94. SigFree: A Signature-free Buffer Overflow Attack Blocker, 2006
  95. Kernel Support for Redundant Execution on Multiprocessor Systems, 2007
  96. Kernel Support for Deterministic Redundant Execution of Shared Memory Workloads on Multiprocessor Systems, 2007
  97. Real-world buffer overflow protection for userspace & kernelspace, 2008
  98. ASLR Smack & Laugh Reference: Seminar on Advanced Exploitation Techniques, 2008
  99. Comprehensively and efficiently protecting the heap, 2006
  100. Hardened OS exploitation techniques, 2004
  101. A Security Architecture for Microprocessors, 2003
  102. Hypervisor support for identifying covertly executing binaries, 2008
  103. Using instruction block signatures to counter code injection attacks, 2005
  104. Automatic generation of buffer overflow attack signatures: An approach based on program behavior models, 2005
  105. Address space layout permutation (ASLP): Towards fine-grained randomization of commodity software, 2006
  106. Bezoar: Automated Virtual Machine-based Full-System Recovery from Control-Flow Hijacking Attacks, 2007
  107. Deploying dynamic code transformation in modern computing environments, 2006
  108. Binary rewriting and call interception for efficient runtime protection against buffer overflows, 2006
  109. Control-flow integrity: Principles, implementations, and applications, 2005
  110. Randomized instruction set emulation, 2005
  111. Implementation vulnerabilities and detection, 2007
  112. Proactive Obfuscation, 2009
  113. Orchestra: Intrusion Detection Using Parallel Execution and Monitoring of Program Variants in User-Space, 2009
  114. An Integrated Framework for Dependable and Revivable Architectures Using Multicore Processors, 2006
  115. Paladin: Helping Programs Help Themselves with System Call Interposition, 2009
  116. Automatic Generation of Control Flow Hijacking Exploits for Software Vulnerabilities, 2009
  117. Classification of Malicious Distributed SELinux Activities, 2009
  118. Polymorphing Software By Randomizing Data Structure Layout, 2009
  119. Yataglass: Network-Level Code Emulation for Analyzing Memory-Scanning Attacks, 2009
  120. Finding the Bad in Good Code: Automated Return-Oriented Programming Exploit Discovery, 2009
  121. Experimental Validation of Architectural Solutions, 2009
  122. Multi-Variant Execution: Run-Time Defense against Malicious Code Injection Attacks, 2009
  123. Breaking the memory secrecy assumption, 2009
  124. Security by Design, 2009
  125. The Impact of Linux Superuser Privileges on System and Data Security within a Cloud Computing Storage Architecture, 2009
  126. Return-oriented rootkits: Bypassing kernel code integrity protection mechanisms, 2009
  127. Specification and evaluation of polymorphic shellcode properties using a new temporal logic, 2009
  128. Yataglass: Network-level Code Emulation for Analyzing Memory-scanning Attacks, 2009
  129. Protecting Xen hypercalls, 2009
  130. The Impact of Linux Superuser Privileges on System and Data Security Within a Cloud Computing Storage Architecture, 2009
  131. An Examination of the Generic Memory Corruption Exploit Prevention Mechanisms on Apple's Leopard Operating System, 2009
  132. A System Call Randomization Based Method for Countering Code-Injection Attacks, 2009
  133. Surgically returning to randomized lib (c), 2009
  134. Architecture Support for Operating System Survivability and Efficient Bulk Memory Copying and Initialization, 2009
  135. Leveraging Parallel Hardware to Detect, Quarantine, and Repair Malicious Code Injection, 2010
  136. Malicious Shellcode Detection with Virtual Memory Snapshots, 2010
  137. Program Differentiation, 2010
  138. A Comprehensive Analysis of MAC Enhancements for Leveraging Distributed MAC, 2008
  139. Intrusion detection for resource-constrained embedded control systems in the power grid, 2012
  140. Development of an Effective Runtime Defense Algorithm for Web Application Security, 2012
  141. RGBDroid: a novel response-based approach to android privilege escalation attacks, 2012
  142. Stack Layout Transformation: Towards Diversity for Securing Binary Programs, 2012
  143. Effects of Memory Randomization, Sanitization and Page Cache on Memory Deduplication, 2012
  144. A Dynamic Detective Method against ROP Attack on ARM Platform, 2012
  145. Functionality-based application confinement: A parameterised and hierarchical approach to policy abstraction for rule-based application-oriented access controls, 2012
  146. STABILIZER: Statistically Sound Performance Evaluation, 2013
  147. Composable and reusable whole-system offline dynamic analysis, 2012
  148. Light-weight bounds checking, 2012
  149. Safe Loading A Foundation for Secure Execution of Untrusted Programs, 2012
  150. Body armor for binaries: preventing buffer overflows without recompilation, 2012
  151. Memento: Learning Secrets from Process Footprints, 2012
  152. An Empirical Study of Memory Sharing in Virtual Machines, 2012
  153. Automatic generation of policies and roles for role based access control [patent], 2011
  154. Secure sandboxing solution for GNU/Linux, 2011
  155. Attack Surface Reduction For Commodity OS Kernels, 2011
  156. A Comparison of Secure Multi-Tenancy Architectures for Filesystem Storage Clouds, 2011
  157. Lightweight intrusion detection for resource-constrained embedded control systems, 2011
  158. Identifying native applications with high assurance, 2011
  159. Enforcing kernel constraints by hardware-assisted virtualization, 2011
  160. An Information Flow Approach for Preventing Race Conditions: Dynamic Protection of the Linux OS, 2011
  161. Autoscopy Jr.: Intrusion Detection for Embedded Control Systems, 2011
  162. PIGA-HIPS: Protection of a shared HPC cluster, 2011
  163. Practical Data-Leak Prevention for Legacy Applications in Enterprise Networks, 2011
  164. Runtime Attacks: Buffer Overflow and Return-Oriented Programming, 2011
  165. RIPE: runtime intrusion prevention evaluator, 2011
  166. Efficient detection of the return-oriented programming malicious code, 2011
  167. Knowledge Base Model for the Linux Kernel, 2011
  168. Launching Return-Oriented Programming Attacks against Randomized Relocatable Executables, 2011
  169. Address space randomization for mobile devices, 2011
  170. Q: Exploit Hardening Made Easy, 2011
  171. Jump-oriented programming: A new class of code-reuse attack, 2011
  172. Exploiting the Hard-Working DWARF: Trojan and Exploit Techniques Without Native Executable Code, 2011
  173. Privilege escalation attacks on Android, 2011
  174. Revisiting address space randomization, 2011
  175. In-Execution Dynamic Malware Analysis and Detection by Mining Information in Process Control Blocks of Linux OS, 2011
  176. Securing The Kernel via Static Binary Rewriting and Program Shepherding, 2011
  177. Effectiveness of Moving Target Defenses, 2011
  178. On the Expressiveness of Return-into-libc Attacks, 2011
  179. A Robust Kernel-Based Solution to Control-Hijacking Buffer Overflow Attacks, 2011
  180. ROPdefender: A detection tool to defend against return-oriented programming attacks, 2011
  181. Mitigating code-reuse attacks with control-flow locking, 2011
  182. Protecting against address space layout randomisation (ASLR) compromises and return-to-libc attacks using network intrusion detection systems, 2011
  183. Fine-grained user-space security through virtualization, 2011
  184. A study of self-propagating mal-packets in sensor networks: Attacks and defenses, 2011
  185. Cruiser: concurrent heap buffer overflow monitoring using lock-free data structures, 2011
  186. Faults in Linux: Ten years later, 2011
  187. Global ISR: Toward a Comprehensive Defense Against Unauthorized Code Execution, 2011
  188. DESERVE: A Framework for Detecting Program Security Vulnerability Exploitations, 2011
  189. Detecting polymorphic threats [patent], 2010
  190. Countering polymorphic malicious computer code through code optimization [patent], 2009
  191. Dynamic out-of-process software components isolation for trustworthiness execution [patent], 2009
  192. Opening computer files quickly and safely over a network [patent], 2009
  193. Secure execution of a computer program [patent], 2009
  194. Method of address space layout randomization for windows operating systems [patent], 2010
  195. System and method for monitoring interactions between application programs and data stores [patent], 2010
  196. Secure execution of a computer program using a code cache [patent], 2009
  197. Peeping tom in the neighborhood: keystroke eavesdropping on multi-user systems, 2009
  198. Security through diversity: Leveraging virtual machine technology, 2009
  199. Protecting a computer coupled to a network from malicious code infections [patent], 2008
  200. Evaluation of Linux Security Frameworks, 2010
  201. Security in Web Applications and the Implementing of a Ticket Handling System, 2014
  202. Quantifiable Run-time Kernel Attack Surface Reduction, 2013
  203. FIREAXE: The DHS Secure Design Competition Pilot, 2012
  204. Vulnerability Discovery with Attack Injection Software, 2013
  205. ELFbac: Using the Loader Format for Intent-Level Semantics and Fine-Grained Protection, 2013
  206. LGadget: ROP Exploit based on Long Instruction Sequences, 2013
  207. Protecting Function Pointers in Binary, 2013
  208. Attack Surface Metrics and Automated Compile-Time OS Kernel Tailoring, 2013
  209. Towards Formal Verification of Liferay RBAC, 2013
  210. Buffer Overflow Attack Blocking Using MCAIDS - Machine Code Analysis Intrusion Detection System, 2013
  211. Layout Randomization and Nondeterminism, 2014
  212. Booby Trapping Software, 2013
  213. Applications of Cybernetics and Control Theory for a New Paradigm in Cybersecurity, 2013
  214. SAFEDISPATCH: Securing C++ Virtual Calls from Memory Corruption Attacks, 2014
  215. Analyzing the Security of Windows 7 and Linux for Cloud Computing, 2012
  216. Run-time Control Flow Authentication: An Assessment on Contemporary X86 Platforms, 2013
  217. Deadbolt: Locking Down Android Disk Encryption, 2013
  218. A Formal Model and Correctness Proof for an Access Control Policy Framework, 2013
  219. High Assurance Models for Secure Systems, 2013
  220. Operating System Security by Integrity Checking and Recovery Using Write-protected Storage, 2013
  221. Malicious Code Execution Prevention through Function Pointer Protection, 2013
  222. An Approach to Stack Overflow Counter-measures Using Kernel Properties, 2013
  223. Marlin: A fine grained randomization approach to defend against ROP attacks, 2013
  224. Defending against heap overflow by using randomization in nested virtual clusters, 2013
  225. ModuleGuard: A Gatekeeper for Dynamic Module Loading Against Malware, 2013
  226. SecGOT: Secure Global Offset Tables in ELF Executables, 2013
  227. iProbe: A lightweight user-level dynamic instrumentation tool, 2013
  228. On Layout Randomization for Arrays and Functions, 2013
  229. JSGuard: Shellcode Detection in JavaScript, 2012
  230. Profile-guided Automated Software Diversity, 2013
  231. HeapSentry: Kernel-assisted Protection against Heap Overflows, 2013
  232. Gadge Me If You Can, 2013
  233. Systematic Analysis of Defenses Against Return-Oriented Programming, 2013
  234. Practical Control Flow Integrity & Randomization for Binary Executables, 2013
  235. SoK: Eternal War in Memory, 2013
  236. Practical Timing Side Channel Attacks Against Kernel Space ASLR, 2013
  237. ASIST: Architectural Support for Instruction Set Randomization, 2013
  238. A Systematic Analysis of Defenses Against Code Reuse Attacks, 2013
  239. SafeStack: Automatically Patching Stack-based Buffer Overflow Vulnerabilities, 2013
  240. SCRAP: Architecture for Signature-Based Protection from Code Reuse Attacks, 2013
  241. CPM: Masking Code Pointers to Prevent Code Injection Attacks, 2013
  242. FrankenSSL: Recombining Cryptographic Libraries to Create Software Variants, 2016
  243. Counter-Measures against Stack Buffer Overflows in GNU/Linux Operating Systems, 2016
  244. Intrusion Prevention and Detection in Grid Computing-The ALICE Case, 2015
  245. Firmwall: Protecting hard disk firmware, 2014
  246. Sandboxing in Linux: From Smartphone to Cloud, 2016
  247. Libra: An Adaptive Method for Protecting Memory from Arbitrary Overwrite, 2016
  248. Reins to the Cloud: Compromising Cloud Systems via the Data Plane, 2016
  249. From chroot over containers to Docker, 2016
  250. Security Analysis of Linux Kernel Features for Embedded Software Systems in Vehicles, 2015
  251. Towards Access Control for Isolated Applications, 2016
  252. Apate Interpreter-A Kernel Hook Rule Engine, 2015
  253. Kernel Based Process Level Authentication Framework for Secure Computing and High Level System Assurance, 2014
  254. Hypervisor-vs. Container-based Virtualization, 2016
  255. Pitfalls of virtual machine introspection on modern hardware, 2014
  256. A Cyber Attack-Resilient Server Using Hybrid Virtualization, 2016
  257. Process Table Covert Channels: Exploitation and Countermeasures, 2016
  258. Secure Authentication: Eliminating Possible Backdoors in Client-Server Endorsement, 2016
  259. Writing parsers like it is 2017, 2017
  260. A visitation of sysdig, 2014
  261. Dynamic reconstruction of relocation information for stripped binaries, 2014
  262. Mitigation of Virtunoid Attacks on Cloud Computing Systems, 2015
  263. Bridging the detection gap: a study on a behavior-based approach using malware techniques, 2014
  264. Android patching from a mobile device management perspective, 2014
  265. Security by design, 2016
  266. Address-Oblivious Code Reuse: On the Effectiveness of Leakage-Resilient Diversity, 2017
  267. Virtual Machine Introspection with Xen on ARM, 2015
  268. A Tour Beyond BIOS-Security Enhancement to Mitigate Buffer Overflow in UEFI, 2016
  269. SafeInit: Comprehensive and Practical Mitigation of Uninitialized Read Vulnerabilities, 2017
  270. Defeating ROP Through Dynamically Encrypted Return Addresses, 2014
  271. HARES: Hardened anti-reverse engineering system, 2015
  272. Apate-A Linux Kernel Module for High Interaction Honeypots, 2015
  273. Process authentication for high system assurance, 2014
  274. Breaking Active-Set Backward-Edge Control-Flow Integrity, 2017
  275. NFV: Security Threats and Best Practices, 2017
  276. Protecting Commodity Operating Systems through Strong Kernel Isolation, 2015
  277. Interrupt-oriented Bugdoor Programming: A minimalist approach to bugdooring embedded systems firmware, 2014
  278. Data Is Flowing in the Wind: A Review of Data-Flow Integrity Methods to Overcome Non-Control-Data Attacks, 2016
  279. Security analysis of mobile two-factor authentication schemes, 2014
  280. Advancing Future Network Science through Content Understanding, 2014
  281. Detecting Stack Layout Corruptions with Robust Stack Unwinding, 2016
  282. How the ELF Ruined Christmas, 2015
  283. Own Your Android! Yet Another Universal Root, 2015
  284. Resilient and trustworthy dynamic data-driven application systems (DDDAS) services for crisis management environments, 2015
  285. Finding Focus in the Blur of Moving Target Techniques [abstract], 2013
  286. Diversity in Cloud Systems Through Runtime and Compile-time Relocation [abstract], 2013
  287. HyperCheck: A Hardware-Assisted Integrity Monitor [abstract], 2013
  288. A secure architecture design based on application isolation, code minimization and randomization [abstract], 2013
  289. Defending Return-oriented Programming Based on Virtualization Techniques [abstract], 2013
  290. Diversifying the Software Stack Using Randomized NOP Insertion [abstract], 2013
  291. JITSafe: A Framework Against Just-in-time Spraying Attacks [abstract], 2013
  292. Detecting Return Oriented Programming by Examining Positions of Saved Return Addresses [abstract], 2013
  293. Defense against Stack-Based Attacks Using Speculative Stack Layout Transformation [abstract], 2013
  294. Mandatory Access Control with a Multi-level Reference Monitor: PIGA-cluster [abstract], 2013
  295. Detecting Code Injection Attacks at TLB Miss [abstract], 2013
  296. Software Crash Analysis for Automatic Exploit Generation on Binary Programs [abstract], 2014
  297. Software Cruising: A New Technology for Building Concurrent Software Monitor [abstract], 2014
  298. Permanent protection of information systems with method of automated security and integrity control [abstract], 2010
  299. The dark side of the Internet: Attacks, costs and responses [abstract], 2011
  300. Implicit Buffer Overflow Protection Using Memory Segregation, 2011
  301. OverCovert: Using Stack-Overflow Software Vulnerability to Create a Covert Channel [abstract], 2011
  302. Automatic construction of jump-oriented programming shellcode (on the x86) [abstract], 2011
  303. Compiler-Generated Software Diversity, 2011
  304. Securing heap memory by data pointer encoding [abstract], 2011
  305. JITDefender: A Defense against JIT Spraying Attacks [abstract], 2011
  306. Spy vs. Spy: counter-intelligence methods for backtracking malicious intrusions [abstract], 2011
  307. Enhancing MAC Security Model with Meta-Policy approach using an Intelligent Anomaly based HIDS [abstract], 2011
  308. Attack surface reduction for commodity OS kernels: trimmed garden plants may attract less bugs [abstract], 2011
  309. Advanced MAC in HPC systems: performance improvement [abstract], 2012
  310. Surreptitious Deployment and Execution of Kernel Agents in Windows Guests [abstract], 2012
  311. Survey on malware evasion techniques: State of the art and challenges [abstract], 2012
  312. A New Data Randomization Method to Defend Buffer Overflow Attacks [abstract], 2012
  313. Directed Hidden-Code Extractor for Environment-Sensitive Malwares [abstract], 2012
  314. Improving Mandatory Access Control for HPC Clusters [abstract], 2012
  315. A Novel Approach Against the System Buffer Overflow [abstract], 2010
  316. Automated Software Vulnerability Analysis [abstract], 2009
  317. Probability Based Risk Analysis for a VoIP System [abstract], 2009
  318. A DLL Protection Mechanism with Larger Random Entropy for Windows Vista [abstract], 2009
  319. Dynamic integrity measurement and attestation: towards defense against return-oriented programming attacks [abstract], 2009
  320. Address-space layout randomization using code islands [abstract], 2009
  321. Security Systems Design and Analysis Using an Integrated Rule-Based Systems Approach [abstract], 2005
  322. AIFD: A Runtime Solution to Buffer Overflow Attack [abstract], 2007
  323. Hardware Stack Design: Toward an Effective Defence Against Frame Pointer Overwrite Attacks [abstract], 2006
  324. An Efficient Pointer Protection Scheme to Defend Buffer Overflow Attacks [abstract], 2005
  325. Design and Implementation of an Extended Reference Monitor for Trusted Operating Systems [abstract], 2006
  326. Enforcement of Integrated Security Policy in Trusted Operating Systems [abstract], 2007
  327. Application of an Online Judge & Contester System in Academic Tuition [abstract], 2008
  328. Return Address Randomization Scheme for Annuling Data-Injection Buffer Overflow Attacks [abstract], 2006
  329. Rootkit modeling and experiments under Linux [abstract], 2008
  330. PrISM: Automatic Detection and Prevention from Cyber Attacks [abstract], 2008
  331. A Theory of Secure Control Flow [abstract], 2005
  332. Detection and Diagnosis of Control Interception [abstract], 2008
  333. Efficient and Practical Control Flow Monitoring for Program Security [abstract], 2008
  334. Static Analysis on x86 Executables for Preventing Automatic Mimicry Attacks [abstract], 2007
  335. Linux 2.6 kernel exploits [abstract], 2007
  336. A Policy Language for the Extended Reference Monitor in Trusted Operating Systems [abstract], 2007
  337. Intrusion detection and security policy framework for distributed environments [abstract], 2005
  338. Integration of trusted operating system from open source [abstract], 2003
  339. Towards the specification of access control policies on multiple operating systems [abstract], 2004
  340. Detecting kernel-level rootkits through binary analysis [abstract], 2004
  341. A Collaborative Approach for Access Control, Intrusion Detection and Security Testing [abstract], 2006
  342. Buffer overflow protection based on adjusting code segment limit [abstract], 2005
  343. The Design of a Generic Intrusion Tolerant Architecture for Web Servers [abstract], 2008
  344. Supporting access control policies across multiple operating systems [abstract], 2005
  345. Model-driven configuration of os-level mandatory access control: research abstract [abstract], 2008
  346. A simple implementation and performance evaluation extended-role based access control [abstract], 2005
  347. Design space and analysis of worm defense strategies [abstract], 2006
  348. ASSURE: automatic software self-healing using rescue points [abstract], 2009
  349. Self-healing control flow protection in sensor applications [abstract], 2009
  350. Return Protector: A Protection Mechanism for Return-into-libc Attacks by Checking the Return Address [abstract], 2009
  351. A specification language for information security policies [abstract], 2009
  352. DROP: Detecting Return-Oriented Programming Malicious Code [abstract], 2009
  353. Enforcement of Security Properties for Dynamic MAC Policies [abstract], 2009
  354. Generation of Role Based Access Control Security Policies for Java Collaborative Applications [abstract], 2009
  355. A Lightweight Buffer Overflow Protection Mechanism with Failure-Oblivious Capability [abstract], 2009
  356. Practicality of Using Side-Channel Analysis for Software Integrity Checking of Embedded Systems [abstract], 2015
  357. Protecting sensitive information in the volatile memory from disclosure attacks [abstract], 2016
  358. Monitoring translation lookahead buffers to detect code injection attacks [abstract], 2014
  359. Implementing a vertically hardened DNP3 control stack for power applications [abstract], 2016
  360. Complex event processing for reactive security monitoring in virtualized computer systems [abstract], 2015
  361. Providing Security in Container-Based HPC Runtime Environments [abstract], 2016
  362. Behavior based authentication mechanism to prevent malicious code attacks in windows [abstract], 2015
  363. Agent based public audit for secured cloud storage [abstract], 2015
  364. Attack Mitigation by Data Structure Randomization [abstract], 2016
  365. LRBAC: Flexible function-level hierarchical role based access control for Linux [abstract], 2015
  366. All your cluster-grids are belong to us: Monitoring the (in) security of infrastructure monitoring systems [abstract], 2015
  367. Umbra: Embedded Web Security Through Application-Layer Firewalls [abstract], 2015
  368. Randomization Can't Stop BPF JIT Spray [abstract], 2017
  369. Design and Implementation of Efficient Mitigation against Return-oriented Programming [abstract], 2014
  370. Improvement of Runtime Intrusion Prevention Evaluator (RIPE) [abstract], 2015
  371. Dynaguard: Armoring canary-based protections against brute-force attacks [abstract], 2015
  372. Detection Mechanism against Code Re-use Attack in Stack region [abstract], 2014
  373. Securing the cloud using Quantum Networking protocols [abstract], 2016
  374. Healthcare Privacy: How Secure Are the VOIP/Video-Conferencing Tools for PHI Data? [abstract], 2015
  375. StemJail: Dynamic Role Compartmentalization [abstract], 2016
  376. Caml crush: A pkcs#11 filtering proxy [abstract], 2014
  377. Runtime Integrity Checking for Exploit Mitigation on Lightweight Embedded Devices [abstract], 2016
  378. A tale of two kernels: Towards ending kernel hardening wars with split kernel [abstract], 2014
  379. Component-oriented access control -- Application servers meet tuple spaces for the masses [abstract], 2017
  380. Toward preventing stack overflow using kernel properties [abstract], 2014
  381. Control jujutsu: On the weaknesses of fine-grained control flow integrity [abstract], 2015
  382. ROPMEMU: A framework for the analysis of complex code-reuse attacks [abstract], 2016
  383. SAFECode whitepaper: fundamental practices for secure software development [abstract], 2014
  384. Mandatory access protection within cloud systems [abstract], 2014
  385. Secure patrol: Patrolling against buffer overflow exploits [abstract], 2014
  386. DATAEvictor: To Reduce the Leakage of Sensitive Data Targeting Multiple Memory Copies and Data Lifetimes [abstract], 2014
  387. Fusion Trust Service Assessment for Crisis Management Environments [abstract], 2016
  388. A Systematic Exploit Strengthening Method Integrating with Penetration Testing Framework [abstract], 2015
  389. You can run but you can't read: Preventing disclosure exploits in executable code [abstract], 2014