- [1] Accurate Disassembly of Complex Binaries Without Use of Compiler Metadata
- Soumyakant Priyadarshan, Huan Nguyen and R. Sekar
ACM Architectural Support for Programming Languages and Operating Systems (ASPLOS) February, 2024.
- [2] SAFER: Efficient and Error-Tolerant Binary Instrumentation
- Soumyakant Priyadarshan, Huan Nguyen, Rohit Chouhan and R. Sekar
USENIX Security Symposium (USENIX Security) August, 2023.
- [3] Extracting Instruction Semantics Via Symbolic Execution of Code Generators
- Niranjan Hasabnis and R. Sekar
ACM SIGSOFT International Symposium on the Foundations of Software Engineering (FSE) November, 2016.
- [4] Lifting Assembly to Intermediate Representation: A Novel Approach Leveraging Compilers
- Niranjan Hasabnis and R. Sekar
ACM Architectural Support for Programming Languages and Operating Systems (ASPLOS) April, 2016.
- [5] Code and Control Flow Integrity for COTS binaries: An Effective Defense Against Real-World ROP Attacks
- Mingwei Zhang and R. Sekar
Annual Computer Security Applications Conference (ACSAC) December, 2015.
- [6] A Principled Approach for ROP Defense
- Rui Qiao, Mingwei Zhang and R. Sekar
Annual Computer Security Applications Conference (ACSAC) December, 2015.
- [7] Harbormaster: Policy Enforcement for Containers
- Mingwei Zhang, Daniel Marino and Petros Efstathopoulos
IEEE CloudCom (CloudCom) November, 2015.
- [8] Automatic Generation of Assembly to IR Translators Using Compilers
- Niranjan Hasabnis and R. Sekar
Workshop on Architectural and Microarchitectural Support for Binary Translation (AMAS-BT) February, 2015.
- [9] Eternal War in Memory
- Laszlo Szekeres, Mathias Payer, Tao Wei and R. Sekar
IEEE Security and Privacy Magazine (S&P Magazine) May, 2014.
- [10] A Platform for Secure Static Binary Instrumentation
- Mingwei Zhang, Rui Qiao, Niranjan Hasabnis and R. Sekar
Virtual Execution Environments (VEE) March, 2014.
- [11] Control Flow Integrity for COTS Binaries
- Mingwei Zhang and R. Sekar
USENIX Security Symposium (USENIX Security) August, 2013.
Best paper award!.
- [12] SoK: Eternal War in Memory
- Laszlo Szekeres, Mathias Payer, Tao Wei and Dawn Song
IEEE Symposium on Security and Privacy (IEEE S&P) May, 2013.
- [13] Protecting Function Pointers in Binary
- Chao Zhang, Tao Wei, Zhaofeng Chen, Lei Duan, Stephen McCamant and Laszlo Szekeres
ACM Symposium on Information, Computer and Communications Security (ASIACCS) May, 2013.
- [14] Practical Control Flow Integrity and Randomization for Binary Executables
- Chao Zhang, Tao Wei, Zhaofeng Chen, Lei Duan, Laszlo Szekeres, Stephen McCamant, Dawn Song and Wei Zou
IEEE Symposium on Security and Privacy (IEEE S&P) May, 2013.
- [15] Protection, Usability and Improvements in Reflected XSS Filters
- Riccardo Pelizzi and R. Sekar
ACM Symposium on Information, Computer and Communications Security (ASIACCS) May, 2012.
- [16] Taint-Enhanced Anomaly Detection
- Lorenzo Cavallaro and R. Sekar
International Conference on Information Systems Security (ICISS) December, 2011.
- [17] A Server- and Browser-Transparent CSRF Defense for Web 2.0 Applications
- Riccardo Pelizzi and R. Sekar
Annual Computer Security Applications Conference (ACSAC) December, 2011.
- [18] PAriCheck: An Efficient Pointer Arithmetic Checker for C Programs
- Yves Younan, Pieter Philippaerts, Lorenzo Cavallaro, R. Sekar, Frank Piessens and Wouter Joosen
ACM Symposium on Information, Computer and Communications Security (ASIACCS) March, 2010.
- [19] Online Signature Generation for Windows Systems
- Lixin Li, Jim Just and R. Sekar
Annual Computer Security Applications Conference (ACSAC) December, 2009.
- [20] Practical Techniques for Regeneration and Immunization of COTS Applications
- Lixin Li, Mark R. Cornwell, E. Hultman, Jim Just and R. Sekar
Workshop on Recent Advances on Intrusion-Tolerant Systems (WRAITS) June, 2009.
- [21] An Efficient Black-box Technique for Defeating Web Application Attacks
- R. Sekar
ISOC Network and Distributed Systems Symposium (NDSS) February, 2009.
- [22] Anomalous Taint Detection (Extended Abstract)
- Lorenzo Cavallaro and R. Sekar
Recent Advances in Intrusion Detection (RAID) September, 2008. (Full version available as Technical Report SECLAB08-06).
- [23] Data Space Randomization
- Sandeep Bhatkar and R. Sekar
Detection of Intrusions, Malware and Vulnerability Analysis (DIMVA) July, 2008.
- [24] Comprehensive Memory Error Protection via Diversity and Taint-Tracking
- Lorenzo Cavallaro
PhD Dissertation (Stony Brook University) February, 2008.
- [25] Address-Space Randomization for Windows Systems
- Lixin Li, Jim Just and R. Sekar
Annual Computer Security Applications Conference (ACSAC) December, 2006.
- [26] Taint-Enhanced Policy Enforcement: A Practical Approach to Defeat a Wide Range of Attacks
- Wei Xu, Sandeep Bhatkar and R. Sekar
USENIX Security Symposium (USENIX Security) August, 2006. (An earlier version appeared as Technical Report SECLAB-05-06, November 2005. Also supercedes Technical Report SECLAB-05-05 A Unified Approach for Preventing Attacks Exploiting a Range of Software Vulnerabilities, August 2005, and Technical Report SECLAB-05-04 Practical dynamic taint analysis for countering input validation attacks on web applications, May 2005, [PDF]).
- [27] Automatic Generation of Buffer Overflow Attack Signatures: An Approach Based on Program Behavior Models
- Zhenkai Liang and R. Sekar
Annual Computer Security Applications Conference (ACSAC) December, 2005. (Supercedes Technical Report SECLAB-05-01 An Immune System Inspired Approach for Protection from Repetitive Attacks, March 2005.).
- [28] Fast and Automated Generation of Attack Signatures: A Basis for Building Self-Protecting Servers
- Zhenkai Liang and R. Sekar
ACM Conference on Computer and Communications Security (CCS) November, 2005. (Supercedes Technical Report SECLAB-05-02 Automated, Sub-second Attack Signature Generation: A Basis for Building Self-Protecting Servers, May 2005.).
- [29] Efficient Techniques for Comprehensive Protection from Memory Error Exploits
- Sandeep Bhatkar, R. Sekar and Daniel DuVarney
USENIX Security Symposium (USENIX Security) August, 2005.
- [30] Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits
- Sandeep Bhatkar, Daniel DuVarney and R. Sekar
USENIX Security Symposium (USENIX Security) August, 2003.