Paper-Conference

Sticky Tags: Efficient and Deterministic Spatial Memory Error Mitigation using Persistent Memory Tags

Spatial memory errors such as buffer overflows still rank among the top vulnerabilities in C/C++ programs. Despite much research in the …

Floris Gorter, Taddeus Kroes, Herbert Bos, Cristiano Giuffrida

FloatZone: Accelerating Memory Error Detection using the Floating Point Unit

Memory sanitizers are powerful tools to detect spatial and temporal memory errors, such as buffer overflows and use-after-frees. …

Floris Gorter, Enrico Barberis, Raphael Isemann, Erik van der Kouwe, Cristiano Giuffrida, Herbert Bos

UNCONTAINED: Uncovering Container Confusion in the Linux Kernel

Type confusion bugs are a common source of security problems whenever software makes use of type hierarchies, as an inadvertent …

Jakob Koschel, Pietro Borrello, Daniele Cono D’Elia, Herbert Bos, Cristiano Giuffrida

Don’t Look UB: Exposing Sanitizer-Eliding Compiler Optimizations

Sanitizers are widely used compiler features that detect undefined behavior and resulting vulnerabilities by injecting runtime checks …

Raphael Isemann, Cristiano Giuffrida, Herbert Bos, Erik van der Kouwe, Klaus Von Gleissenthall

No One Drinks From the Firehose: How Organizations Filter and Prioritize Vulnerability Information

The number of published software vulnerabilities is increasing every year. How do organizations stay in control of their attack surface …

Stephanie De Smale, Rik Van Dijk, Xander Bouwman, Jeroen Van Der Ham, Michel van Eeten

Enviral: Fuzzing the Environment for Evasive Malware Analysis

Analyzing malicious behavior is vital to effectively safeguard computer systems against malware. However, contemporary malware …

Floris Gorter, Cristiano Giuffrida, Erik van der Kouwe

Copy-on-Flip: Hardening ECC Memory Against Rowhammer Attacks

Despite nearly decade-long mitigation efforts in academia and industry, the community is yet to find a practical solution to the …

Andrea Di Dio, Koen Koning, Herbert Bos, Cristiano Giuffrida

Let Me Unwind That For You: Exceptions to Backward-Edge Protection

Backward-edge control-flow hijacking via stack buffer overflow is the holy grail of software exploitation. The ability to directly …

Victor Duta, Fabian Freyer, Fabio Pagani, Marius Muench, Cristiano Giuffrida

Snappy: Efficient Fuzzing with Adaptive and Mutable Snapshots

Modern coverage-oriented fuzzers play a crucial role in vulnerability finding. While much research focuses on improving the core …

Elia Geretto, Cristiano Giuffrida, Herbert Bos, Erik van der Kouwe

"I needed to solve their overwhelmness": How System Administration Work was Affected by COVID-19

The ongoing global COVID-19 pandemic made working from home – wherever working remotely is possible – the norm for what had …

Mannat Kaur, Simon Parkin, Marijn Janssen, Tobias Fiebig