Frank Piessens

Orcid: 0000-0001-5438-153X

Affiliations:
  • Catholic University of Leuven, Belgium


According to our database1, Frank Piessens authored at least 265 papers between 1993 and 2024.

Collaborative distances:

Timeline

Legend:

Book 
In proceedings 
Article 
PhD thesis 
Dataset
Other 

Links

Online presence:

On csauthors.net:

Bibliography

2024
Side-Channel Attacks: A Short Tour.
IEEE Secur. Priv., 2024

Libra: Architectural Support For Principled, Secure And Efficient Balanced Execution On High-End Processors (Extended Version).
CoRR, 2024

Intellectual Property Exposure: Subverting and Securing Intellectual Property Encapsulation in Texas Instruments Microcontrollers.
Proceedings of the 33rd USENIX Security Symposium, 2024

Architectural Mimicry: Innovative Instructions to Efficiently Address Control-Flow Leakage in Data-Oblivious Programs.
Proceedings of the IEEE Symposium on Security and Privacy, 2024

Pandora: Principled Symbolic Validation of Intel SGX Enclave Runtimes.
Proceedings of the IEEE Symposium on Security and Privacy, 2024

Libra: Architectural Support For Principled, Secure And Efficient Balanced Execution On High-End Processors.
Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security, 2024

2023
End-to-End Security for Distributed Event-driven Enclave Applications on Heterogeneous TEEs.
ACM Trans. Priv. Secur., August, 2023

Transient Execution Attacks.
IEEE Secur. Priv., 2023

ProSpeCT: Provably Secure Speculation for the Constant-Time Policy (Extended version).
CoRR, 2023

ProSpeCT: Provably Secure Speculation for the Constant-Time Policy.
Proceedings of the 32nd USENIX Security Symposium, 2023

AEX-Notify: Thwarting Precise Single-Stepping Attacks through Interrupt Awareness for Intel SGX Enclaves.
Proceedings of the 32nd USENIX Security Symposium, 2023

CHERI-TrEE: Flexible enclaves on capability machines.
Proceedings of the 8th IEEE European Symposium on Security and Privacy, 2023

MicroProfiler: Principled Side-Channel Mitigation through Microarchitectural Profiling.
Proceedings of the 8th IEEE European Symposium on Security and Privacy, 2023

ShowTime: Amplifying Arbitrary CPU Timing Side Channels.
Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security, 2023

2022
Two Parametricities Versus Three Universal Types.
ACM Trans. Program. Lang. Syst., December, 2022

Faulty Point Unit: ABI Poisoning Attacks on Trusted Execution Environments.
DTRAP, 2022

Mind the Gap: Studying the Insecurity of Provably Secure Embedded Trusted Execution Architectures.
Proceedings of the 43rd IEEE Symposium on Security and Privacy, 2022

Proving full-system security properties under multiple attacker models on capability machines.
Proceedings of the 35th IEEE Computer Security Foundations Symposium, 2022

2021
Proving full-system security properties under multiple attacker models on capability machines: Coq mechanization.
Dataset, September, 2021

Securing Interruptible Enclaved Execution on Small Microprocessors.
ACM Trans. Program. Lang. Syst., 2021

Robust authentication for automotive control networks through covert channels.
Comput. Networks, 2021

Abstract Congruence Criteria for Weak Bisimilarity.
Proceedings of the 46th International Symposium on Mathematical Foundations of Computer Science, 2021

Compiler-Assisted Hardening of Embedded Software Against Interrupt Latency Side-Channel Attacks.
Proceedings of the IEEE European Symposium on Security and Privacy, 2021

CapablePtrs: Securely Compiling Partial Programs Using the Pointers-as-Capabilities Principle.
Proceedings of the 34th IEEE Computer Security Foundations Symposium, 2021

POSTER: An Open-Source Framework for Developing Heterogeneous Distributed Enclave Applications.
Proceedings of the CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security, Virtual Event, Republic of Korea, November 15, 2021

Aion: Enabling Open Systems through Strong Availability Guarantees for Enclaves.
Proceedings of the CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security, Virtual Event, Republic of Korea, November 15, 2021

2020
Gavial: Programming the web with multi-tier FRP.
Art Sci. Eng. Program., 2020

Plundervolt: How a Little Bit of Undervolting Can Create a Lot of Trouble.
IEEE Secur. Priv., 2020

Abstract Congruence Criteria for Weak Bisimilarity.
CoRR, 2020

CopyCat: Controlled Instruction-Level Attacks on Enclaves for Maximal Key Extraction.
CoRR, 2020

Provably Secure Isolation for Interruptible Enclaved Execution on Small Microprocessors: Extended Version.
CoRR, 2020

CopyCat: Controlled Instruction-Level Attacks on Enclaves.
Proceedings of the 29th USENIX Security Symposium, 2020

Plundervolt: Software-based Fault Injection Attacks against Intel SGX.
Proceedings of the 2020 IEEE Symposium on Security and Privacy, 2020

LVI: Hijacking Transient Execution through Microarchitectural Load Value Injection.
Proceedings of the 2020 IEEE Symposium on Security and Privacy, 2020

Security across abstraction layers: old and new examples.
Proceedings of the IEEE European Symposium on Security and Privacy Workshops, 2020

Provably Secure Isolation for Interruptible Enclaved Execution on Small Microprocessors.
Proceedings of the 33rd IEEE Computer Security Foundations Symposium, 2020

Secure End-to-End Sensing in Supply Chains.
Proceedings of the 8th IEEE Conference on Communications and Network Security, 2020

A Categorical Approach to Secure Compilation.
Proceedings of the Coalgebraic Methods in Computer Science, 2020

Faulty Point Unit: ABI Poisoning Attacks on Intel SGX.
Proceedings of the ACSAC '20: Annual Computer Security Applications Conference, 2020

2019
A Server-Side JavaScript Security Architecture for Secure Integration of Third-Party Libraries.
Secur. Commun. Networks, 2019

Linear capabilities for fully abstract compilation of separation-logic-verified code.
Proc. ACM Program. Lang., 2019

Breaking Virtual Memory Protection and the SGX Ecosystem with Foreshadow.
IEEE Micro, 2019

Fallout: Reading Kernel Writes From User Space.
CoRR, 2019

A Systematic Evaluation of Transient Execution Attacks and Defenses.
Proceedings of the 28th USENIX Security Symposium, 2019

Automated Fuzzing of Automotive Control Units.
Proceedings of the 2019 International Workshop on Secure Internet of Things, 2019

Securely deploying distributed computation systems on peer-to-peer networks.
Proceedings of the 34th ACM/SIGAPP Symposium on Applied Computing, 2019

Improving Privacy Through Fast Passive Wi-Fi Scanning.
Proceedings of the Secure IT Systems, 2019

Temporal Safety for Stack Allocated Memory on Capability Machines.
Proceedings of the 32nd IEEE Computer Security Foundations Symposium, 2019

Verifying the Security of Enclaved Execution Against Interrupt-based Side-channel Attacks.
Proceedings of ACM Workshop on Theory of Implementation Security, 2019

Fallout: Leaking Data on Meltdown-resistant CPUs.
Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, 2019

A Tale of Two Worlds: Assessing the Vulnerability of Enclave Shielding Runtimes.
Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, 2019

2018
Parametricity versus the universal type.
Proc. ACM Program. Lang., 2018

Secure Compilation (Dagstuhl Seminar 18201).
Dagstuhl Reports, 2018

Symbolic Execution of Security Protocol Implementations: Handling Cryptographic Primitives.
Proceedings of the 12th USENIX Workshop on Offensive Technologies, 2018

Operating Channel Validation: Preventing Multi-Channel Man-in-the-Middle Attacks Against Protected Wi-Fi Networks.
Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks, 2018

Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution.
Proceedings of the 27th USENIX Security Symposium, 2018

Impossibility of Precise and Sound Termination-Sensitive Security Enforcements.
Proceedings of the 2018 IEEE Symposium on Security and Privacy, 2018

Scalagna 0.1: towards multi-tier programming with Scala and Scala.js.
Proceedings of the Conference Companion of the 2nd International Conference on Art, 2018

Tracking Information Flow via Delayed Output - Addressing Privacy in IoT and Emailing Apps.
Proceedings of the Secure IT Systems - 23rd Nordic Conference, NordSec 2018, Oslo, Norway, 2018

Off-Limits: Abusing Legacy x86 Memory Segmentation to Spy on Enclaved Execution.
Proceedings of the Engineering Secure Software and Systems - 10th International Symposium, 2018

Release the Kraken: New KRACKs in the 802.11 Standard.
Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, 2018

Nemesis: Studying Microarchitectural Timing Leaks in Rudimentary CPU Interrupt Logic.
Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, 2018

Prudent Design Principles for Information Flow Control.
Proceedings of the 13th Workshop on Programming Languages and Analysis for Security, 2018

2017
Sancus 2.0: A Low-Cost Security Architecture for IoT Devices.
ACM Trans. Priv. Secur., 2017

Modular, Fully-abstract Compilation by Approximate Back-translation.
Log. Methods Comput. Sci., 2017

The Heisenberg Defense: Proactively Defending SGX Enclaves against Page-Table-Based Side-Channel Attacks.
CoRR, 2017

Telling Your Secrets without Page Faults: Stealthy Page Table-Based Attacks on Enclaved Execution.
Proceedings of the 26th USENIX Security Symposium, 2017

Authentic Execution of Distributed Event-Driven Applications with a Small TCB.
Proceedings of the Security and Trust Management - 13th International Workshop, 2017

Hardening Intel SGX Applications: Balancing Concerns.
Proceedings of the 2nd Workshop on System Software for Trusted Execution, SysTEX@SOSP 2017, 2017

SGX-Step: A Practical Attack Framework for Precise Enclave Execution Control.
Proceedings of the 2nd Workshop on System Software for Trusted Execution, SysTEX@SOSP 2017, 2017

Elmsvuur: A Multi-tier Version of Elm and its Time-Traveling Debugger.
Proceedings of the Trends in Functional Programming - 18th International Symposium, 2017

Exploring the Ecosystem of Malicious Domain Registrations in the .eu TLD.
Proceedings of the Research in Attacks, Intrusions, and Defenses, 2017

Experience Report: Functional Reactive Programming and the DOM.
Proceedings of the Companion to the first International Conference on the Art, 2017

A Principled Approach to Tracking Information Flow in the Presence of Libraries.
Proceedings of the Principles of Security and Trust - 6th International Conference, 2017

FRP IoT modules as a Scala DSL.
Proceedings of the 4th ACM SIGPLAN International Workshop on Reactive and Event-Based Languages and Systems, 2017

Discovering Logical Vulnerabilities in the Wi-Fi Handshake Using Model-Based Testing.
Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, 2017

Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2.
Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, 2017

Automatically Generating Secure Wrappers for SGX Enclaves from Separation Logic Specifications.
Proceedings of the Programming Languages and Systems - 15th Asian Symposium, 2017

VulCAN: Efficient Component Authentication and Software Isolation for Automotive Control Networks.
Proceedings of the 33rd Annual Computer Security Applications Conference, 2017

2016
Eliminating dependent pattern matching without K.
J. Funct. Program., 2016

On Modular and Fully-Abstract Compilation - Technical Appendix.
CoRR, 2016

An Implementation of a High Assurance Smart Meter Using Protected Module Architectures.
Proceedings of the Information Security Theory and Practice, 2016

Predicting, Decrypting, and Abusing WPA2/802.11 Group Keys.
Proceedings of the 25th USENIX Security Symposium, 2016

Ariadne: A Minimal Approach to State Continuity.
Proceedings of the 25th USENIX Security Symposium, 2016

Request and Conquer: Exposing Cross-Origin Resource Size.
Proceedings of the 25th USENIX Security Symposium, 2016

Security Guarantees for the Execution Infrastructure of Software Applications.
Proceedings of the IEEE Cybersecurity Development, 2016

Ensuring endpoint authenticity in WebRTC peer-to-peer communication.
Proceedings of the 31st Annual ACM Symposium on Applied Computing, 2016

Fully-abstract compilation by approximate back-translation.
Proceedings of the 43rd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, 2016

Developing Secure SGX Enclaves: New Challenges on the Horizon.
Proceedings of the 1st Workshop on System Software for Trusted Execution, 2016

Mitigating Password Database Breaches with Intel SGX.
Proceedings of the 1st Workshop on System Software for Trusted Execution, 2016

Unifiers as equivalences: proof-relevant unification of dependently typed data.
Proceedings of the 21st ACM SIGPLAN International Conference on Functional Programming, 2016

Reasoning about Object Capabilities with Logical Relations and Effect Parametricity.
Proceedings of the IEEE European Symposium on Security and Privacy, 2016

Let's Face It: Faceted Values for Taint Tracking.
Proceedings of the Computer Security - ESORICS 2016, 2016

Software security: Vulnerabilities and countermeasures for two attacker models.
Proceedings of the 2016 Design, Automation & Test in Europe Conference & Exhibition, 2016

On Modular and Fully-Abstract Compilation.
Proceedings of the IEEE 29th Computer Security Foundations Symposium, 2016

Why MAC Address Randomization is not Enough: An Analysis of Wi-Fi Network Discovery Mechanisms.
Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, 2016

Towards availability and real-time guarantees for protected module architectures.
Proceedings of the Companion Proceedings of the 15th International Conference on Modularity, Málaga, Spain, March 14, 2016

2015
Secure Compilation to Protected Module Architectures.
ACM Trans. Program. Lang. Syst., 2015

Policy ignorant caller-side inline reference monitoring.
Int. J. Softw. Tools Technol. Transf., 2015

Solving the VerifyThis 2012 challenges with VeriFast.
Int. J. Softw. Tools Technol. Transf., 2015

Salus: Kernel Support for Secure Process Compartments.
EAI Endorsed Trans. Security Safety, 2015

Security monitor inlining and certification for multithreaded Java.
Math. Struct. Comput. Sci., 2015

Protected Web Components: Hiding Sensitive Information in the Shadows.
IT Prof., 2015

Featherweight VeriFast.
Log. Methods Comput. Sci., 2015

Secure Resource Sharing for Embedded Protected Module Architectures.
Proceedings of the Information Security Theory and Practice, 2015

All Your Biases Belong to Us: Breaking RC4 in WPA-TKIP and TLS.
Proceedings of the 24th USENIX Security Symposium, 2015

Learning Assertions to Verify Linked-List Programs.
Proceedings of the Software Engineering and Formal Methods - 13th International Conference, 2015

SecSess: keeping your session tucked away in your browser.
Proceedings of the 30th Annual ACM Symposium on Applied Computing, 2015

Runtime Enforcement of Security Policies on Black Box Reactive Programs.
Proceedings of the 42nd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, 2015

Sound Modular Verification of C Code Executing in an Unverified Context.
Proceedings of the 42nd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, 2015

Seven Months' Worth of Mistakes: A Longitudinal Study of Typosquatting Abuse.
Proceedings of the 22nd Annual Network and Distributed System Security Symposium, 2015

Fixing non-determinism.
Proceedings of the 27th Symposium on the Implementation and Application of Functional Programming Languages, 2015

Generating safe boundary APIs between typed EDSLs and their environments.
Proceedings of the 2015 ACM SIGPLAN International Conference on Generative Programming: Concepts and Experiences, 2015

Lightweight and Flexible Trust Assessment Modules for the Internet of Things.
Proceedings of the Computer Security - ESORICS 2015, 2015

Sound, Modular and Compositional Verification of the Input/Output Behavior of Programs.
Proceedings of the Programming Languages and Systems, 2015

2014
Primer on Client-Side Web Security
Springer Briefs in Computer Science, Springer, ISBN: 978-3-319-12226-7, 2014

Software verification with VeriFast: Industrial case studies.
Sci. Comput. Program., 2014

Secure multi-execution of web scripts: Theory and practice.
J. Comput. Secur., 2014

Evolution of Security Engineering Artifacts: A State of the Art Survey.
Int. J. Secur. Softw. Eng., 2014

On the Workings and Current Practices of Web-Based Device Fingerprinting.
IEEE Secur. Priv., 2014

On the effectiveness of virtualization-based security.
CoRR, 2014

Stranger danger: exploring the ecosystem of ad-based URL shortening services.
Proceedings of the 23rd International World Wide Web Conference, 2014

Partial Type Signatures for Haskell.
Proceedings of the Practical Aspects of Declarative Languages, 2014

Multi-Tier Functional Reactive Programming for the Web.
Proceedings of the Onward! 2014, 2014

Soundsquatting: Uncovering the Use of Homophones in Domain Squatting.
Proceedings of the Information Security - 17th International Conference, 2014

Client Side Web Session Integrity as a Non-interference Property.
Proceedings of the Information Systems Security - 10th International Conference, 2014

Pattern matching without K.
Proceedings of the 19th ACM SIGPLAN international conference on Functional programming, 2014

Overlapping and Order-Independent Patterns - Definitional Equality for All.
Proceedings of the Programming Languages and Systems, 2014

Stateful Declassification Policies for Event-Driven Programs.
Proceedings of the IEEE 27th Computer Security Foundations Symposium, 2014

Clubbing Seals: Exploring the Ecosystem of Third-party Security Seals.
Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, 2014

Monkey-in-the-browser: malware and vulnerabilities in augmented browsing script markets.
Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, 2014

Secure interrupts on low-end microcontrollers.
Proceedings of the IEEE 25th International Conference on Application-Specific Systems, 2014

Advanced Wi-Fi attacks using commodity hardware.
Proceedings of the 30th Annual Computer Security Applications Conference, 2014

ICE: a passive, high-speed, state-continuity scheme.
Proceedings of the 30th Annual Computer Security Applications Conference, 2014

NodeSentry: least-privilege library integration for server-side JavaScript.
Proceedings of the 30th Annual Computer Security Applications Conference, 2014

2013
VeriFast for Java: A Tutorial.
Proceedings of the Aliasing in Object-Oriented Programming. Types, 2013

CPM: Masking Code Pointers to Prevent Code Injection Attacks.
ACM Trans. Inf. Syst. Secur., 2013

Bitsquatting: exploiting bit-flips for fun, or profit?
Proceedings of the 22nd International World Wide Web Conference, 2013

Sancus: Low-cost Trustworthy Extensible Networked Devices with a Zero-software Trusted Computing Base.
Proceedings of the 22th USENIX Security Symposium, Washington, DC, USA, August 14-16, 2013, 2013

Cookieless Monster: Exploring the Ecosystem of Web-Based Device Fingerprinting.
Proceedings of the 2013 IEEE Symposium on Security and Privacy, 2013

State Coverage: An Empirical Analysis Based on a User Study.
Proceedings of the SOFSEM 2013: Theory and Practice of Computer Science, 2013

Salus: Non-hierarchical Memory Access Rights to Enforce the Principle of Least Privilege.
Proceedings of the Security and Privacy in Communication Networks, 2013

Monadic abstract interpreters.
Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation, 2013

Fixing idioms: a recursion primitive for applicative DSLs.
Proceedings of the ACM SIGPLAN 2013 Workshop on Partial Evaluation and Program Manipulation, 2013

Protected Software Module Architectures.
Proceedings of the ISSE 2013, 2013

Typed syntactic meta-programming.
Proceedings of the ACM SIGPLAN International Conference on Functional Programming, 2013

Information Flow Control for Web Scripts.
Proceedings of the Foundations of Security Analysis and Design VII, 2013

HeapSentry: Kernel-Assisted Protection against Heap Overflows.
Proceedings of the Detection of Intrusions and Malware, and Vulnerability Assessment, 2013

Practical verification of WPA-TKIP vulnerabilities.
Proceedings of the 8th ACM Symposium on Information, Computer and Communications Security, 2013

FPDetective: dusting the web for fingerprinters.
Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, 2013

Secure Compilation of Object-Oriented Components to Protected Module Architectures.
Proceedings of the Programming Languages and Systems - 11th Asian Symposium, 2013

2012
Implicit dynamic frames.
ACM Trans. Program. Lang. Syst., 2012

Finally tagless observable recursion for an abstract grammar model.
J. Funct. Program., 2012

Runtime countermeasures for code injection attacks against C and C++ programs.
ACM Comput. Surv., 2012

Recent Developments in Low-Level Software Security.
Proceedings of the Information Security Theory and Practice. Security, Privacy and Trust in Computing Systems and Ambient Intelligent Ecosystems, 2012

State Coverage: Software Validation Metrics beyond Code Coverage.
Proceedings of the SOFSEM 2012: Theory and Practice of Computer Science, 2012

PESAP: A Privacy Enhanced Social Application Platform.
Proceedings of the 2012 International Conference on Privacy, 2012

A Security Analysis of Emerging Web Standards - HTML5 and Friends, from Specification to Implementation.
Proceedings of the SECRYPT 2012, 2012

DEMACRO: Defense against Malicious Cross-Domain Requests.
Proceedings of the Research in Attacks, Intrusions, and Defenses, 2012

Exploring the Ecosystem of Referrer-Anonymizing Services.
Proceedings of the Privacy Enhancing Technologies - 12th International Symposium, 2012

There Is Safety in Numbers: Preventing Control-Flow Hijacking by Duplication.
Proceedings of the Secure IT Systems - 17th Nordic Conference, 2012

Sound Formal Verification of Linux's USB BP Keyboard Driver.
Proceedings of the NASA Formal Methods, 2012

ProtoLeaks: A Reliable and Protocol-Independent Network Covert Channel.
Proceedings of the Information Systems Security, 8th International Conference, 2012

Secure Multi-Execution through Static Program Transformation.
Proceedings of the Formal Techniques for Distributed Systems, 2012

Serene: Self-Reliant Client-Side Protection against Session Fixation.
Proceedings of the Distributed Applications and Interoperable Systems, 2012

Secure Compilation to Modern Processors.
Proceedings of the 25th IEEE Computer Security Foundations Symposium, 2012

Fides: selectively hardening software application components against kernel-level or process-level malware.
Proceedings of the ACM Conference on Computer and Communications Security, 2012

You are what you include: large-scale evaluation of remote javascript inclusions.
Proceedings of the ACM Conference on Computer and Communications Security, 2012

FlowFox: a web browser with flexible and precise information flow control.
Proceedings of the ACM Conference on Computer and Communications Security, 2012

FlashOver: automated discovery of cross-site scripting vulnerabilities in rich internet applications.
Proceedings of the 7th ACM Symposium on Information, Compuer and Communications Security, 2012

JSand: complete client-side sandboxing of third-party JavaScript without browser modifications.
Proceedings of the 28th Annual Computer Security Applications Conference, 2012

2011
Filter-resistant code injection on ARM.
J. Comput. Virol., 2011

Special Section on Formal Techniques for Java-like Programs.
J. Object Technol., 2011

The Belgian Electronic Identity Card: a Verification Case Study.
Electron. Commun. Eur. Assoc. Softw. Sci. Technol., 2011

Information flow enforcement in monadic libraries.
Proceedings of TLDI 2011: 2011 ACM SIGPLAN International Workshop on Types in Languages Design and Implementation, 2011

Orchestrating Security and System Engineering for Evolving Systems - (Invited Paper).
Proceedings of the Towards a Service-Based Internet - 4th European Conference, 2011

Expressive modular fine-grained concurrency specification.
Proceedings of the 38th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, 2011

Explicitly Recursive Grammar Combinators - A Better Model for Shallow Parser DSLs.
Proceedings of the Practical Aspects of Declarative Languages, 2011

Reactive non-interference for a browser model.
Proceedings of the 5th International Conference on Network and System Security, 2011

VeriFast: A Powerful, Sound, Predictable, Fast Verifier for C and Java.
Proceedings of the NASA Formal Methods, 2011

Better Security and Privacy for Web Browsers: A Survey of Techniques, and a New Implementation.
Proceedings of the Formal Aspects of Security and Trust - 8th International Workshop, 2011

On the bright side of type classes: instance arguments in Agda.
Proceedings of the Proceeding of the 16th ACM SIGPLAN international conference on Functional Programming, 2011

Annotation Inference for Separation Logic Based Verifiers.
Proceedings of the Formal Techniques for Distributed Systems, 2011


Verification of Unloadable Modules.
Proceedings of the FM 2011: Formal Methods, 2011

Theoretical Aspects of Compositional Symbolic Execution.
Proceedings of the Fundamental Approaches to Software Engineering, 2011

Automatic and Precise Client-Side Protection against CSRF Attacks.
Proceedings of the Computer Security - ESORICS 2011, 2011

Code Pointer Masking: Hardening Applications against Code Injection Attacks.
Proceedings of the Detection of Intrusions and Malware, and Vulnerability Assessment, 2011

WebJail: least-privilege integration of third-party components in web mashups.
Proceedings of the Twenty-Seventh Annual Computer Security Applications Conference, 2011

2010
Low-Level Software Security by Example.
Proceedings of the Handbook of Information and Communication Security, 2010

Provably correct inline monitoring for multithreaded Java-like programs.
J. Comput. Secur., 2010

Improving Memory Management Security for C and C++.
Int. J. Secur. Softw. Eng., 2010

Automatic verification of Java programs with dynamic frames.
Formal Aspects Comput., 2010

Efficient and Effective Buffer Overflow Protection on ARM Processors.
Proceedings of the Information Security Theory and Practices. Security and Privacy of Pervasive Systems and Smart Devices, 2010

Noninterference through Secure Multi-execution.
Proceedings of the 31st IEEE Symposium on Security and Privacy, 2010

Efficient Isolation of Trusted Subsystems in Embedded Systems.
Proceedings of the Security and Privacy in Communication Networks, 2010

A machine-checked soundness proof for an efficient verification condition generator.
Proceedings of the 2010 ACM Symposium on Applied Computing (SAC), 2010

Security of Web Mashups: A Survey.
Proceedings of the Information Security Technology for Applications, 2010

ValueGuard: Protection of Native Applications against Data-Only Buffer Overflows.
Proceedings of the Information Systems Security - 6th International Conference, 2010

Heap-Dependent Expressions in Separation Logic.
Proceedings of the Formal Techniques for Distributed Systems, 2010

CsFire: Transparent Client-Side Mitigation of Malicious Cross-Domain Requests.
Proceedings of the Engineering Secure Software and Systems, Second International Symposium, 2010

PAriCheck: an efficient pointer arithmetic checker for C programs.
Proceedings of the 5th ACM Symposium on Information, 2010

A Quick Tour of the VeriFast Program Verifier.
Proceedings of the Programming Languages and Systems - 8th Asian Symposium, 2010

2009
Security enforcement aware software development.
Inf. Softw. Technol., 2009

The S3MS.NET Run Time Monitor: Tool Demonstration.
Proceedings of the Fourth Workshop on Bytecode Semantics, 2009

Test Input Generation for Programs with Pointers.
Proceedings of the Tools and Algorithms for the Construction and Analysis of Systems, 2009

A Machine Checked Soundness Proof for an Intermediate Verification Language.
Proceedings of the SOFSEM 2009: Theory and Practice of Computer Science, 2009

A Security Architecture for Web 2.0 Applications.
Proceedings of the Towards the Future Internet - A European Research Perspective, 2009

Breaking the memory secrecy assumption.
Proceedings of the Second European Workshop on System Security, 2009

Report: Extensibility and Implementation Independence of the .NET Cryptographic API.
Proceedings of the Engineering Secure Software and Systems, 2009

Implicit Dynamic Frames: Combining Dynamic Frames and Separation Logic.
Proceedings of the ECOOP 2009, 2009

Failboxes: Provably Safe Exception Handling.
Proceedings of the ECOOP 2009, 2009

Security Monitor Inlining for Multithreaded Java.
Proceedings of the ECOOP 2009, 2009

Protecting Global and Static Variables from Buffer Overflow Attacks.
Proceedings of the The Forth International Conference on Availability, 2009

Security Middleware for Mobile Applications.
Proceedings of the Middleware for Network Eccentric and Mobile Applications, 2009

2008
Provable Protection against Web Application Vulnerabilities Related to Session Data Dependencies.
IEEE Trans. Software Eng., 2008

A programming model for concurrent object-oriented programs.
ACM Trans. Program. Lang. Syst., 2008

Preface.
Sci. Comput. Program., 2008

Security-by-contract on the .NET platform.
Inf. Secur. Tech. Rep., 2008

Generics of a higher kind.
Proceedings of the 23rd Annual ACM SIGPLAN Conference on Object-Oriented Programming, 2008

A Caller-Side Inline Reference Monitor for an Object-Oriented Intermediate Language.
Proceedings of the Formal Methods for Open Object-Based Distributed Systems, 2008

VeriCool: An Automatic Verifier for a Concurrent Object-Oriented Language.
Proceedings of the Formal Methods for Open Object-Based Distributed Systems, 2008

Security-By-Contract for the Future Internet.
Proceedings of the Future Internet - FIS 2008, First Future Internet Symposium, 2008

An Automatic Verifier for Java-Like Programs Based on Dynamic Frames.
Proceedings of the Fundamental Approaches to Software Engineering, 2008

2007
Inspector Methods for State Abstraction.
J. Object Technol., 2007

Preface.
Proceedings of the First International Workshop on Run Time Enforcement for Mobile and Distributed Systems, 2007

Sound reasoning about unchecked exceptions.
Proceedings of the Fifth IEEE International Conference on Software Engineering and Formal Methods (SEFM 2007), 2007

Supporting Security Monitor-Aware Development.
Proceedings of the Third International Workshop on Software Engineering for Secure Systems, 2007

A flexible security architecture to support third-party applications on mobile devices.
Proceedings of the 2007 ACM workshop on Computer Security Architecture, 2007

2006
Static Verification of Code Access Security Policy Compliance of .NET Applications.
J. Object Technol., 2006

A Simple Sequential Reasoning Approach for Sound Modular Verification of Mainstream Multithreaded Programs.
Proceedings of the Thread Verification Workshop, 2006

A Modular Access Control Service for Supporting Application-Specific Policies.
IEEE Distributed Syst. Online, 2006

Static Verification of Indirect Data Sharing in Loosely-coupled Component Systems.
Proceedings of the Software Composition - 5th International Symposium, 2006

VC generation for functional behavior and non-interference of iterators.
Proceedings of the 2006 Conference on Specification and Verification of Component-Based Systems, 2006

How secure is AOP and what can we do about it?
Proceedings of the 2006 international workshop on Software engineering for secure systems, 2006

Efficient Protection Against Heap-Based Buffer Overflows Without Resorting to Magic.
Proceedings of the Information and Communications Security, 8th International Conference, 2006

An object-oriented approach to datatype-generic programming.
Proceedings of the ACM SIGPLAN Workshop on Generic Programming, 2006

A Statically Verifiable Programming Model for Concurrent Object-Oriented Programs.
Proceedings of the Formal Methods and Software Engineering, 2006

Bridging the gap between web application firewalls and web applications.
Proceedings of the 2006 ACM workshop on Formal methods in security engineering, 2006

Extended Protection against Stack Smashing Attacks without Performance Loss.
Proceedings of the 22nd Annual Computer Security Applications Conference (ACSAC 2006), 2006

2005
Towards a unifying view on security contracts.
ACM SIGSOFT Softw. Eng. Notes, 2005

Requirements traceability to support evolution of access control.
ACM SIGSOFT Softw. Eng. Notes, 2005

Safe Concurrency for Aggregate Objects with Invariants.
Proceedings of the Third IEEE International Conference on Software Engineering and Formal Methods (SEFM 2005), 2005

A Methodology for Designing Countermeasures against Current and Future Code Injection Attacks.
Proceedings of the 3rd IEEE International Workshop on Information Assurance (IWIA 2005), 2005

Uniform Application-level Access Control Enforcement of Organizationwide Policies.
Proceedings of the 21st Annual Computer Security Applications Conference (ACSAC 2005), 2005

2004
Support for Metadata-driven Selection of Run-time Services in .NET is Promising but Immature.
J. Object Technol., 2004

Towards preserving correctness in self-managed software systems.
Proceedings of the 1st ACM SIGSOFT Workshop on Self-Managed Systems, 2004

Threat Modelling for Web Services Based Web Applications.
Proceedings of the Communications and Multimedia Security, 2004

A Generic Architecture for Web Applications to Support Threat Analysis of Infrastructural Components.
Proceedings of the Communications and Multimedia Security, 2004

2003
Software security: experiments on the .NET common language run-time and the shared source common language infrastructure.
IEE Proc. Softw., 2003

Secure Vickrey Auctions without a Trusted Third Party.
Proceedings of the Security and Privacy in the Age of Uncertainty, 2003

Adaptable Access Control Policies for Medical Information Systems.
Proceedings of the Distributed Applications and Interoperable Systems, 2003

2002
A survey of customizability in operating systems research.
ACM Comput. Surv., 2002

2001
Developing secure software. A survey and classification of common software vulnerabilities.
Proceedings of the Integrity, 2001

On Securely Scheduling a Meeting.
Proceedings of the Trusted Information: The New Decade Challenge, 2001

Second Price Auctions - A Case Study of Secure Distributed Computating.
Proceedings of the New Developments in Distributed Applications and Interoperable Systems, 2001

2000
On the Practical Feasibiltiy of Secure Distributed Computing: A Case Study.
Proceedings of the Information Security for Global Information Infrastructures, 2000

Semi-trusted Hosts and Mobile Agents: Enabling Secure Distributed Computations.
Proceedings of the Mobile Agents for Telecommunication Applications, 2000

Universal Arrow Foundations for Visual Modeling.
Proceedings of the Theory and Application of Diagrams, First International Conference, 2000

1999
What vs. How of Visual Modeling: The Arrow Logic of Graphic Notations.
Proceedings of the Behavioral Specifications of Businesses and Systems, 1999

1997
Selective Attribute Elimination for Categorial Data Specifications.
Proceedings of the Algebraic Methodology and Software Technology, 1997

1996
A Realistic Experiment in Knowledge Representation in Open Event Calculus: Protocol Specification.
Proceedings of the Logic Programming, 1996

1995
Using Event Calculus for Protocol Specification: An Experiment.
Proceedings of the Deductive Databases and Logic Programming, 1995

1994
Canonical Forms for Data-Specifications.
Proceedings of the Computer Science Logic, 8th International Workshop, 1994

1993
Interconnecting domains with heterogeneous key distribution and authentication protocols.
Proceedings of the 1993 IEEE Computer Society Symposium on Research in Security and Privacy, 1993


  Loading...