NSL: Network Security Lab

Network Security Lab

CSCU

• Welcome
• People
• Projects

• Publications

• Contact

Publications

2013 | 2012 | 2011 | 2010

2013

• "ShadowReplica: Efficient Parallelization of Dynamic Data Flow Tracking"

  Kangkook Jee, Vasileios P. Kemerlis, Angelos D. Keromytis, and Georgios Portokalidis. To appear in Proceedings of the 20th ACM Conference on Computer and Communications Security (CCS). November 2013, Berlin, Germany.

• "SAuth: Protecting User Accounts from Password Database Leaks"

  Georgios Kontaxis, Elias Athanasopoulos, Georgios Portokalidis, and Angelos D. Keromytis. To appear in Proceedings of the 20th ACM Conference on Computer and Communications Security (CCS). November 2013, Berlin, Germany.

• "CloudFence: Data Flow Tracking as a Cloud Service"

  Vasilis Pappas, Vasileios P. Kemerlis, Angeliki Zavou, Michalis Polychronakis, and Angelos D. Keromytis. To appear in Proceedings of the 16th International Symposium on Research in Attacks, Intrusions and Defenses (RAID). October 2013, Saint Lucia.

• "Server-side Code Injection Attacks: A Historical Perspective"

  Jakob Fritz, Corrado Leita, and Michalis Polychronakis. To appear in Proceedings of the 16th International Symposium on Research in Attacks, Intrusions and Defenses (RAID). October 2013, Saint Lucia.

• "An Acurate Stack Memory Abstraction and Symbolic Analysis Framework for Executables"

  Kapil Anand, Khaled Elwazeer, Aparna Kotha, Matthew Smithson, Rajeev Barua, and Angelos D. Keromytis. In Proceedings of the 29th IEEE International Conference on Software Maintenance (ICSM). September 2013, Eindhoven, Netherlands.

• "CellFlood: Attacking Tor Onion Routers on the Cheap"

  Marco V. Barbera, Vasileios P. Kemerlis, Vasilis Pappas, and Angelos D. Keromytis. In Proceedings of the 18th European Symposium on Research in Computer Security (ESORICS). September 2013, Egham, UK.

• "A Privacy-Preserving Entropy-Driven Framework for Tracing DoS Attacks in VoIP"

  Zisis Tsiatsikas, Dimitris Geneiatakis Georgios Kambourakis, and Angelos D. Keromytis. In Proceedings of the 8th International Conference on Availability, Reliability and Security (ARES). September 2013, Regensburg, Germany.

• "Transparent ROP Exploit Mitigation using Indirect Branch Tracing"

  Vasilis Pappas, Michalis Polychronakis, and Angelos D. Keromytis. In Proceedings of the 22nd USENIX Security Symposium. August 2013, Washington, DC.

• "Cloudopsy: an Autopsy of Data Flows in the Cloud"

  Angeliki Zavou, Vasilis Pappas, Vasileios P. Kemerlis, Michalis Polychronakis, Georgios Portokalidis, and Angelos D. Keromytis. In Proceedings of the 15th International Conference on Human-Computer Interaction (HCI). July 2013, Las Vegas, NV.

• "SecureGov: Secure Government Data Sharing"

  Jong Uk Choi, Soon Ae Chun, Dong Hwa Kim, and Angelos D. Keromytis. In Proceedings of the 14th Annual International Conference on Digital Government Research (dg.o). June 2013, Quebec City, Canada.

• "Computational Decoys for Cloud Security"

  Georgios Kontaxis, Michalis Polychronakis, and Angelos D. Keromytis. In Proceedings of the ARO Workshop on Cloud Security. March 2013, Fairfax, VA.

2012

• "kGuard: Lightweight Kernel Protection"

  Vasileios P. Kemerlis, Georgios Portokalidis, Elias Athanasopoulos, and Angelos D. Keromytis. USENIX ;login: Magazine, 37(6), December 2012.

• "Self-Healing Multitier Architectures Using Cascading Rescue Points"

  Angeliki Zavou, Georgios Portokalidis, and Angelos D. Keromytis. In Proceedings of the 28th Annual Computer Security Applications Conference (ACSAC). December 2012, Orlando, FL.

• "All your face are belong to us: Breaking Facebook's Social Authentication"

  Iasonas Polakis, Marco Lancini, Georgios Kontaxis, Federico Maggi, Sotiris Ioannidis, Angelos D. Keromytis and Stefano Zanero. In Proceedings of the 28th Annual Computer Security Applications Conference (ACSAC). December 2012, Orlando, FL.

• "Exploiting Split Browsers for Efficiently Protecting User Data"

  Angelika Zavou, Elias Athanasopoulos, Georgios Portokalidis, and Angelos D. Keromytis. In Proceedings of the 4th ACM Cloud Computing Security Workshop (CCSW). October 2012, Raleigh, NC.

• "Adaptive Defenses for Commodity Software through Virtual Application Partitioning"

  Dimitris Geneiatakis, Georgios Portokalidis, Vasileios P. Kemerlis, and Angelos D. Keromytis. In Proceedings of the 19th ACM Conference on Computer and Communications Security (CCS). October 2012, Raleigh, NC.

• "Bait and Snitch: Defending Computer Systems with Decoys"

  Jonathan Voris, Jill Jermyn, Angelos D. Keromytis, and Salvatore J. Stolfo. In Proceedings of the 3rd Cyber Infrastructure Protection Conference (CIP). September 2012, New York, NY.

• "Privacy-Preserving Social Plugins"

  Georgios Kontaxis, Michalis Polychronakis, Angelos D. Keromytis, and Evangelos P. Markatos. In Proceedings of the 21st USENIX Security Symposium. August 2012, Bellevue, WA.

• "kGuard: Lightweight Kernel Protection against Return-to-user Attacks"

  Vasileios P. Kemerlis, Georgios Portokalidis, and Angelos D. Keromytis. In Proceedings of the 21st USENIX Security Symposium. August 2012, Bellevue, WA.

• "ARC: Protecting against HTTP Parameter Pollution Attacks Using Application Request Caches"

  Elias Athanasopoulos, Vasileios P. Kemerlis, Michalis Polychronakis, and Evangelos P. Markatos. In Proceedings of the 10th International Conference on Applied Cryptography and Network Security (ACNS). June 2012, Singapore.

• "Tolerating Overload Attacks Against Packet Capturing Systems" (short paper)

  Antonis Papadogiannakis, Michalis Polychronakis, and Evangelos P. Markatos. In Proceedings of the USENIX Annual Technical Conference (ATC). June 2012, Boston, MA.

• "Towards a Universal Data Provenance Framework using Dynamic Instrumentation"

  Eleni Gessiou, Vasilis Pappas, Elias Athanasopoulos, Angelos D. Keromytis, and Sotiris Ioannidis. In Proceedings of the 27th IFIP International Information Security and Privacy Conference (SEC). June 2012, Crete, Greece.

• "The MEERKATS Cloud Security Architecture"

  Angelos D. Keromytis, Roxana Geambasu, Simha Sethumadhavan, Salvatore J. Stolfo, Junfeng Yang, Azzedine Benameur, Marc Dacier, Matthew Elder, Darrell Kienzle, and Angelos Stavrou. In Proceedings of the 3rd International Workshop on Security and Privacy in Cloud Computing (ICDCS-SPCC). June 2012, Macao, China.

• "Smashing the Gadgets: Hindering Return-Oriented Programming Using In-Place Code Randomization"

  Vasilis Pappas, Michalis Polychronakis, and Angelos D. Keromytis. In Proceedings of the 33rd IEEE Symposium on Security & Privacy (S&P). May 2012, San Francisco, CA.

• "Fog Computing: Mitigating Insider Data Theft Attacks in the Cloud"

  Salvatore J. Stolfo, Malek Ben Salem, and Angelos D. Keromytis. In Proceedings of the 1st Workshop on Research for Insider Threat (WRIT) May 2012, San Francisco, CA.

• "libdft: Practical Dynamic Data Flow Tracking for Commodity Systems"

  Vasileios P. Kemerlis, Georgios Portokalidis, Kangkook Jee, and Angelos D. Keromytis. In Proceedings of the 8th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments (VEE). March 2012, London, UK.

• "A General Approach for Efficiently Accelerating Software-based Dynamic Data Flow Tracking on Commodity Hardware"

  Kangkook Jee, Georgios Portokalidis, Vasileios P. Kemerlis, Soumyadeep Ghosh, David I. August, and Angelos D. Keromytis. In Proceedings of the 19th Internet Society (ISOC) Symposium on Network and Distributed System Security (NDSS). February 2012, San Diego, CA.

• "A System for Generating and Injecting Indistinguishable Network Decoys"

  Brian M. Bowen, Vasileios P. Kemerlis, Pratap Prabhu, Angelos D. Keromytis, and Salvatore J. Stolfo. Journal of Computer Security (JCS), 20(2-3), January 2012.

2011

• "A Multilayer Overlay Network Architecture for Enhancing IP Services Availability Against DoS"

  Dimitris Geneiatakis, Georgios Portokalidis, and Angelos D. Keromytis. In Proceedings of the 7th International Conference on Information Systems Security (ICISS). December 2011, Kolkata, India.

• "Private Search in the Real World"

  Vasilis Pappas, Mariana Raykova, Binh Vo, Steven M. Bellovin, and Tal Malkin. In Proceedings of the 27th Annual Computer Security Applications Conference (ACSAC). December 2011, Orlando, FL.

• "REASSURE: A Self-contained Mechanism for Healing Software Using Rescue Points"

  Georgios Portokalidis and Angelos D. Keromytis. In Proceedings of the 6th International Workshop on Security (IWSEC). November 2011, Tokyo, Japan. (Best Paper Award)

• "Taint-Exchange: a Generic System for Cross-process and Cross-host Taint Tracking"

  Angeliki Zavou, Georgios Portokalidis, and Angelos D. Keromytis. In Proceedings of the 6th International Workshop on Security (IWSEC). November 2011, Tokyo, Japan.

• "Parallelization and Characterization of Pattern Matching using GPUs"

  Giorgos Vasiliadis, Michalis Polychronakis, and Sotiris Ioannidis. In Proceedings of the IEEE International Symposium on Workload Characterization (IISWC). November 2011, Austin, TX.

• "SudoWeb: Minimizing Information Disclosure to Third Parties in Single Sign-On Platforms"

  Georgios Kontaxis, Michalis Polychronakis, and Evangelos P. Markatos. In Proceedings of the 14th Information Security Conference (ISC). October 2011, Xi'an, China. (Best Student Paper Award)

• "MIDeA: A Multi-Parallel Intrusion Detection Architecture"

  Giorgos Vasiliadis, Michalis Polychronakis, and Sotiris Ioannidis. In Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS). October 2011, Chicago, IL.

• "ROP Payload Detection Using Speculative Code Execution"

  Michalis Polychronakis and Angelos D. Keromytis. In Proceedings of the 6th International Conference on Malicious and Unwanted Software (MALWARE). October 2011, Fajardo, PR. (Best Paper Award)

• "Detecting Traffic Snooping in Tor Using Decoys"

  Sambuddho Chakravarty, Georgios Portokalidis, Michalis Polychronakis, and Angelos D. Keromytis. In Proceedings of the 14th International Symposium on Recent Advances in Intrusion Detection (RAID). September 2011, Menlo Park, CA.

• "Measuring the Deployment Hiccups of DNSSEC"

  Vasilis Pappas and Angelos D. Keromytis. In Proceedings of the International Conference on Advances in Computing and Communications (ACC), Part III. July 2011, Kochi, India.

• "The SPARCHS Project: Hardware Support for Software Security"

  Simha Sethumadhavan, Salvatore J. Stolfo, David August, Angelos D. Keromytis, and Junfeng Yang. In Proceedings of the 1st Workshop on Systems Security (SysSec). July 2011, Amsterdam, Netherlands.

• "The MINESTRONE Architecture: Combining Static and Dynamic Analysis Techniques for Software Security"

  Angelos D. Keromytis, Salvatore J. Stolfo, Junfeng Yang, Angelos Stavrou, Anup Ghosh, Dawson Engler, MarcDacier, Matthew Elder, and Darrell Kienzle. In Proceedings of the 1st Workshop on Systems Security (SysSec). July 2011, Amsterdam, Netherlands.

• "Misuse Detection in Consent-based Networks"

  Mansoor Alicherry and Angelos D. Keromytis. In Proceedings of the 9th International Conference on Applied Cryptography and Network Security (ACNS). June 2011, Malaga, Spain.

• "Retrofitting Security in COTS Software with Binary Rewriting"

  Padraig O'Sullivan, Kapil Anand, Aparna Kothan, Matthew Smithson, Rajeev Barua, and Angelos D. Keromytis. In Proceedings of the 26th IFIP International Information Security Conference (SEC). June 2011, Lucerne, Switzerland.

• "Combining Static and Dynamic Analysis for the Detection of Malicious Documents"

  Zacharias Tzermias, Giorgos Sykiotakis, Michalis Polychronakis, and Evangelos P. Markatos. In Proceedings of the European Workshop on System Security (EuroSec). April 2011, Salzburg, Austria.

• "Computer Security Research with Human Subjects: Informed Consent, Risk, and Benefits"

  Maritza Johnson, Steven M. Bellovin, and Angelos D. Keromytis. In Proceedings of the 2nd Workshop on Ethics in Computer Security Research (WECSR). March 2011, Saint Lucia.

• "Towards a Forensic Analysis for Multimedia Communication Services"

  Dimitris Geneiatakis and Angelos D. Keromytis. In Proceedings of the 7th International Symposium on Frontiers in Networking with Applications (FINA). March 2011, Biopolis, Singapore.

2010

• "Paranoid Android: Versatile Protection For Smartphones"

  Georgios Portokalidis, Philip Homburg, Kostas Anagnostakis, and Herbert Bos. In Proceedings of the 26th Annual Computer Security Applications Conference (ACSAC). December 2010, Austin, TX.

• "Fast and Practical Instruction-Set Randomization for Commodity Systems"

  Georgios Portokalidis and Angelos D. Keromytis. In Proceedings of the 26th Annual Computer Security Applications Conference (ACSAC). December 2010, Austin, TX.

• "Comprehensive Shellcode Detection using Runtime Heuristics"

  Michalis Polychronakis, Kostas G. Anagnostakis, and Evangelos P. Markatos. In Proceedings of the 26th Annual Computer Security Applications Conference (ACSAC). December 2010, Austin, TX.

• "An Adversarial Evaluation of Network Signaling and Control Mechanisms"

  Kangkook Jee, Stelios Sidiroglou-Douskos, Angelos Stavrou, and Angelos D. Keromytis. In Proceedings of the 13th International Conference on Information Security and Cryptology (ICISC). December 2010, Seoul, Korea.

• "Evaluation of a Spyware Detection System using Thin Client Computing"

  Vasilis Pappas, Brian M. Bowen,and Angelos D. Keromytis. In Proceedings of the 13th International Conference on Information Security and Cryptology (ICISC). December 2010, Seoul, Korea.

• "Securing MANET Multicast Using DIPLOMA"

  Mansoor Alicherry and Angelos D. Keromytis. In Proceedings of the 5th International Workshop on Security (IWSEC). November 2010, Kobe, Japan.

• "Crimeware Swindling without Virtual Machines"

  Vasilis Pappas, Brian M. Bowen, and Angelos D. Keromytis. In Proceedings of the 13th Information Security Conference (ISC). October 2010, Boca Raton, FL.

• "iLeak: A Lightweight System for Detecting Inadvertent Information Leaks"

  Vasileios P. Kemerlis, Vasilis Pappas, Georgios Portokalidis, and Angelos D. Keromytis. In Proceedings of the 6th European Conference on Computer Network Defense (EC2ND). October 2010, Berlin, Germany.

• "GPU-assisted Malware"

  Giorgos Vasiliadis, Michalis Polychronakis, and Sotiris Ioannidis. In Proceedings of the 5th IEEE International Conference on Malicious and Unwanted Software (MALWARE). October 2010, Nancy, France.

• "Global ISR: Toward a Comprehensive Defense Against Unauthorized Code Execution"

  Georgios Portokalidis and Angelos D. Keromytis. In Proceedings of the ARO Workshop on Moving Target Defense. October 2010, Fairfax, VA.

• "Traffic Analysis Against Low-Latency Anonymity Networks Using Available Bandwidth Estimation"

  Sambuddho Chakravarty, Angelos Stavrou, and Angelos D. Keromytis. In Proceedings of the 15th European Symposium on Research in Computer Security (ESORICS). September 2010, Athens, Greece.

• "BotSwindler: Tamper Resistant Injection of Believable Decoys in VM-Based Hosts for Crimeware Detection"

  Brian M. Bowen, Pratap Prabhu, Vasileios P. Kemerlis, Stelios Sidiroglou, Angelos D. Keromytis, and Salvatore J. Stolfo. In Proceedings of the 13th International Symposium on Recent Advances in Intrusion Detection (RAID). September 2010, Ottawa, Canada.

• "An Analysisof Rogue AV Campaigns"

  Marco Cova, Corrado Leita, Olivier Thonnard, Angelos D. Keromytis, and Marc Dacier. In Proceedings of the 13th International Symposium on Recent Advances in Intrusion Detection (RAID). September 2010, Ottawa, Canada.

• "DIPLOMA: Distributed Policy Enforcement Architecture for MANETs"

  Mansoor Alicherry and Angelos D. Keromytis. In Proceedings of the 4th International Conference on Network and System Security (NSS). September 2010, Melbourne, Australia.

• "RRDtrace: Long-term Raw Network Traffic Recording using Fixed-size Storage"

  Antonis Papadogiannakis, Michalis Polychronakis, and Evangelos P. Markatos. In Proceedings of the 18th IEEE International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunication Systems (MASCOTS). August 2010, Miami, FL.

• "Automating the Injection of Believable Decoys to Detect Snooping" (short paper)

  Brian M. Bowen, Vasileios P. Kemerlis, Pratap Prabhu, Angelos D. Keromytis, and Salvatore J. Stolfo. In Proceedings of the 3rd ACM Conference on Wireless Network Security (WiSec). March 2010, Hoboken, NJ.