RIP-RH: Preventing Rowhammer-based Inter-Process Attacks.
Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security, 2019
Advancing Memory-corruption Attacks and Defenses.
PhD thesis, 2018
IMIX: In-Process Memory Isolation EXtension.
Proceedings of the 27th USENIX Security Symposium, 2018
CAn't Touch This: Software-only Mitigation against Rowhammer Attacks targeting Kernel Memory.
Proceedings of the 26th USENIX Security Symposium, 2017
LAZARUS: Practical Side-Channel Resilient Kernel-Space Randomization.
Proceedings of the Research in Attacks, Intrusions, and Defenses, 2017
Address Oblivious Code Reuse: On the Effectiveness of Leakage Resilient Diversity.
,
,
,
,
,
,
,
,
,
,
,
Proceedings of the 24th Annual Network and Distributed System Security Symposium, 2017
PT-Rand: Practical Mitigation of Data-only Attacks against Page Tables.
Proceedings of the 24th Annual Network and Distributed System Security Symposium, 2017
JITGuard: Hardening Just-in-time Compilers with SGX.
Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, 2017
Selfrando: Securing the Tor Browser against De-anonymization Exploits.
Proc. Priv. Enhancing Technol., 2016
CAn't Touch This: Practical and Generic Software-only Defenses Against Rowhammer Attacks.
CoRR, 2016
Leakage-Resilient Layout Randomization for Mobile Devices.
Proceedings of the 23rd Annual Network and Distributed System Security Symposium, 2016
Regulating ARM TrustZone Devices in Restricted Spaces.
Proceedings of the 14th Annual International Conference on Mobile Systems, 2016
Counterfeit Object-oriented Programming: On the Difficulty of Preventing Code Reuse Attacks in C++ Applications.
Proceedings of the 2015 IEEE Symposium on Security and Privacy, 2015
Readactor: Practical Code Randomization Resilient to Memory Disclosure.
Proceedings of the 2015 IEEE Symposium on Security and Privacy, 2015
Isomeron: Code Randomization Resilient to (Just-In-Time) Return-Oriented Programming.
Proceedings of the 22nd Annual Network and Distributed System Security Symposium, 2015
It's a TRaP: Table Randomization and Protection against Function-Reuse Attacks.
Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, 2015
Losing Control: On the Effectiveness of Control-Flow Integrity under Stack Attacks.
Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, 2015
On the (In)Security of Mobile Two-Factor Authentication.
Proceedings of the Financial Cryptography and Data Security, 2014
Just-In-Time Code Reuse: On the Effectiveness of Fine-Grained Address Space Layout Randomization.
Proceedings of the 2013 IEEE Symposium on Security and Privacy, 2013