REACT REACT

Deliverables

  • Deliverable D2.1: Threat Models (November 2018) Icon pdf (2.9 MB)
  • Deliverable D2.3: Technology Requirements (May 2019) Icon pdf (244.4 KB)
  • Deliverable D7.1: Website and Collaboration Tools (August 2018) Icon pdf (2.5 MB)
  • Deliverable D7.2: Initial Dissemination Plan (November 2018) Icon pdf (2.8 MB)

Publications in Journals & Conferences

  1. Pietro Borrello, Daniele Cono D’Elia, Leonardo Querzoni, Cristiano Giuffrida. Constantine: Automatic Side-Channel Resistance Using Efficient Control and Data Flow Linearization. In Proceedings of the 28th ACM Conference on Computer and Communications Security (CCS). Seoul, South Korea. November 2021. Icon pdf (871.9 KB)
  2. Hany Ragab, Enrico Barberis, Herbert Bos, Cristiano Giuffrida. Rage Against the Machine Clear: A Systematic Analysis of Machine Clearsand Their Implications for Transient Execution Attacks. In Proceedings of the 30th USENIX Security Symposium. Virtual Event. August 2021. Icon pdf (3.9 MB)
  3. Finn de Ridder, Pietro Frigo,Emanuele Vannacci, Herbert Bos, Cristiano Giuffrida, Kaveh Razavi. SMASH: Synchronized Many-sided Rowhammer Attacks From JavaScript. In Proceedings of the 30th USE­NIX Se­cu­ri­ty Sym­po­si­um. Virtual Event. Au­gust 2021. Icon pdf (578.6 KB)
  4. Gabriel Ryan, Abhishek Shah, Dongdong She, Koustubha Bhat, Suman Jana. Fine Grained Dataflow Tracking with Proximal Gradients. In Proceedings of the 30th USE­NIX Se­cu­ri­ty Sym­po­si­um. Virtual Event. Au­gust 2021. Icon pdf (3.9 MB)
  5. Ser­gej Schu­mi­lo, Cor­ne­li­us Ascher­mann, Ali Ab­ba­si, Simon Wör­ner, Thors­ten Holz. Nyx: Grey­box Hy­per­vi­sor Fuz­zing using Fast Snap­shots and Af­fi­ne Types. In Proceedings of the 30th USE­NIX Se­cu­ri­ty Sym­po­si­um. Virtual Event. Au­gust 2021. Icon pdf (1.7 MB)
  6. Antreas Dionysiou, Vassilis Vassiliades, Elias Athanasopoulos. HoneyGen: Generating Honeywords Using Representation Learning. In Proceedings of the 16th ACM Asia Conference on Computer and Communications Security (AsiaCCS). Hong Kong, China (Virtual Event). June 2021. Icon pdf (2.2 MB)
  7. Koustubha Bhat, Erik van der Kouwe, Herbert Bos, Cristiano Giuffrida. FIRestarter: Practical Software Crash Recoverywith Targeted Library-level Fault Injection. In Proceedings of the 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). Virtual Event. June 2021. Icon pdf (597.0 KB)
  8. Hany Ragab, Alyssa Milburn, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida. CrossTalk: Speculative Data Leaks Across Cores Are Real. In Proceedings of the 42nd IEEE Symposium on Security & Privacy (S&P 2021). San Francisco, CA, USA. May 2021. Icon pdf (718.3 KB)
  9. Platon Kotzias, Juan Caballero, Leyla Bilge. How Did That Get In My Phone? Unwanted App Distribution on Android Devices. In Proceedings of the 42nd IEEE Symposium on Security & Privacy (S&P 2021). San Francisco, CA, USA. May 2021. Icon pdf (346.4 KB)
  10. Sebastian Österlund, Elia Geretto, Andrea Jemmett, Emre Güler, Philipp Görz, Thorsten Holz, Cristiano Giuffrida, Herbert Bos. CollabFuzz: A Framework for Collaborative Fuzzing. In Proceedings of the 14th European Workshop on Systems Security (EuroSec). Virtual Event. April 2021. Icon pdf (955.5 KB)
  11. Giuseppe Antonio Di Luna, Davide Italiano, Luca Massarelli, Sebastian Österlund, Cristiano Giuffrida, Leonardo Querzoni. Who’s Debugging the Debuggers? Exposing DebugInformation Bugs in Optimized Binaries. In Proceedings of the 26th ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2021). Virtual Event. April 2021. Icon pdf (279.3 KB)
  12. Victor Duta, Cristiano Giuffrida, Herbert Bos, Erik van der Kouwe. PIBE: Practical Kernel Control-flow Hardening with Profile-guided Indirect Branch Elimination. In Proceedings of the 26th ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2021).Virtual Event. April 2021. Icon pdf (310.5 KB)
  13. Emre Güler, Philipp Görz, Elia Geretto, Andrea Jemmett, Sebastian Österlund, Herbert Bos, Cristiano Giuffrida, Thorsten Holz. Cupid: Automatic Fuzzer Selection for Collaborative Fuzzing. In Proceedings of the 36th Annual Computer Security Applications Conference (ACSAC 2020). Virtual Event. December, 2020. Icon pdf (1018.9 KB)
  14. Enes Göktaş, Kaveh Razavi, Georgios Portokalidis, Herbert Bos, Cristiano Giuffrida. Speculative Probing: Hacking Blind in the Spectre Era. In Proceedings of the ACM Conference on Computer and Communications Security (CCS 2020). Virtual Event. November, 2020. Icon pdf (837.4 KB)
  15. Neophytos Christou, Elias Athanasopoulos. auth.js: Advanced Authentication for the Web. In Proceedings of the 3rd International Workshop on Emerging Technologies for Authorization and Authentication (co-located with ESORICS). Guildford, UK. September 2020. Icon pdf (341.8 KB)
  16. Radhesh K. Konoth, Björn Fischer, Wan Fokkink, Elias Athanasopoulos, Kaveh Razavi, Herbert Bos. SecurePay: Strengthening Two-Factor Authentication for Arbitrary Transactions. In Proceedings of the 5th IEEE European Symposium on Security and Privacy 2020. Genova, Italy, September 2020. Icon pdf (4.3 MB)
  17. Jakob Koschel, Cristiano Giuffrida, Herbert Bos, Kaveh Razavi. TagBleed: Breaking KASLR on the Isolated Kernel Address Space Using Tagged TLB. In Proceedings of the 5th IEEE European Symposium on Security and Privacy 2020. Genova, Italy. September, 2020. Icon pdf (2.9 MB)
  18. Sebastian Österlund, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida. ParmeSan: Sanitizer-guided Greybox Fuzzing. In Proceedings of the 29th USENIX Security Symposium. Boston, USA. August, 2020. Icon pdf (202.6 KB)
  19. Tim Bla­zyt­ko, Mo­ritz Schlö­gel, Cor­ne­li­us Ascher­mann, Ali Ab­ba­si, Joel Frank, Simon Wör­ner, Thors­ten Holz. Au­ro­ra: Sta­tis­ti­cal Crash Ana­ly­sis for Au­to­ma­ted Root Cause Ex­pla­na­ti­on. In Proceedings of the 29th USENIX Security Symposium. Boston, USA. August, 2020. Icon pdf (250.1 KB)
  20. Antreas Dionysiou, Elias Athanasopoulos. SoK: Machine vs. Machine - A Systematic Classification of Automated Machine Learning-based CAPTCHA Solvers. In Computers & Security 97, 101947. July 2020. Icon pdf (1004.5 KB)
  21. Erik van der Kouwe, Gernot Heiser, Dennis Andriesse, Herbert Bos, Cristiano Giuffrida. Benchmarking Flaws Undermine Security Research. In IEEE Security & Privacy. Vol 18, no. 3, pp. 48-57. June 2020. Icon pdf (1.8 MB)
  22. Pietro Frigo, Emanuele Vannacci, Hasan Hassan, Victor van der Veen, Onur Mutlu, Cristiano Giuffrida, Herbert Bos, Kaveh Razavi. TRRespass: Exploiting the Many Sides of Target Row Refresh. In Proceedings of the 41st IEEE Symposium on Security and Privacy (S&P'20). San Francisco, CA, USA. May 2020. Icon pdf (817.3 KB)
  23. Savino Dambra, Leyla Bilge, Davide Balzarotti. SoK: Cyber Insurance - Technical Challenges and a System Security Roadmap. In Proceedings of the 41st IEEE Symposium on Security and Privacy (S&P'20). San Francisco, CA, USA. May 2020. Icon pdf (333.5 KB)
  24. Michael Kurth, Ben Gras, Dennis Andriesse, Cristiano Giuffrida, Herbert Bos, Kaveh Razavi. NetCAT: Practical Cache Attacks from the Network. In Proceedings of the 41st IEEE Symposium on Security and Privacy (S&P'20). San Francisco, CA, USA. May 2020. Icon pdf (1.2 MB)
  25. Cornelius Aschermann, Sergej Schumilo, Ali Abbasi, Thorsten Holz. IJON: Exploring Deep State Spaces via Fuzzing. In Proceedings of the IEEE Sym­po­si­um on Se­cu­ri­ty and Pri­va­cy ("Oak­land"). San Jose, CA. May 2020. Icon pdf (412.8 KB)
  26. Teemu Rytilahti, Thorsten Holz. On Using Application-Layer Middlebox Protocolsfor Peeking Behind NAT Gateways. In Proceedings of the Network and Distributed System Security Symposium (NDSS 2020). San Diego, CA. February, 2020. Icon pdf (342.8 KB)
  27. Sergej Schumilo, Cornelius Aschermann, Ali Abbasi, Simon Wör­ner, Thorsten Holz. HYPER-CUBE: High-Dimensional Hypervisor Fuzzing. In Proceedings of the Network and Distributed System Security Symposium (NDSS 2020). San Diego, CA. February, 2020. Icon pdf (334.6 KB)
  28. Ben Gras, Cristiano Giuffrida, Michael Kurth, Herbert Bos, Kaveh Razavi. ABSynthe: Automatic Blackbox Side-channel Synthesis on Commodity Microarchitectures.  In Proceedings of the Network and Distributed System Security Symposium (NDSS 2020). San Diego, CA. February, 2020. Icon pdf (959.0 KB)
  29. Michalis Papaevripides and Elias Athanasopoulos. Exploiting Mixed Binaries. In ACM Transactions on Security and Privacy. January 2020. Icon pdf (619.3 KB)
  30. Andre Pawlowski, Victor van der Veen, Dennis Andriesse, Erik van der Kouwe, Thorsten Holz, Cristiano Giuffrida, Herbert Bos. VPS: Excavating High-Level C++ Constructs from Low-Level Binaries to Protect Dynamic Dispatching. In Proceedings of the 35th Annual Computer Security Applications Conference (ACSAC'19). San Juan, PR, USA, December 2019. Icon pdf (1.2 MB)
  31. Michalis Pachilakis, Panagiotis Papadopoulos, Evangelos P. Markatos, Nicolas Kourtellis. No More Chasing Waterfalls: A Measurement Study of the Header Bidding Ad-Ecosystem. In Proceedings of the 19th Internet Measurements Conference 2019 (IMC'19). Amsterdam, Netherlands. October 2019. Icon pdf (3.2 MB)
  32. Panagiotis Papadopoulos, Panagiotis Ilia, Evangelos Markatos. Truth in Web Mining: Measuring the Profitability and the Imposed Overheads of Cryptojacking. In Proceedings of 22nd Information Security Conference (ISC). New York, USA. September 2019. Icon pdf (399.0 KB)
  33. Emre Güler, Cornelius Aschermann, Ali Abbasi, and Thorsten Holz. AntiFuzz: Impeding Fuzzing Audits of Binary Executables. In Proceedings of the 28th USENIX Security Symposium. Santa Clara, CA, USA. August, 2019. Icon pdf (417.9 KB)
  34. Sanghyun Hong, Pietro Frigo, Yigitcan Kaya, Cristiano Giuffrida, Tudor Dumitras. Terminal Brain Damage: Exposing the Graceless Degradation in Deep Neural Networks Under Hardware Fault Attacks. In Proceedings of the 28th USENIX Security Symposium. Santa Clara, CA, USA. August, 2019. Icon pdf (678.5 KB)
  35. Kouwe, Erik van der, Gernot Heiser, Dennis Andriesse, Herbert Bos, and Cristiano Giuffrida. SoK: Benchmarking Flaws in Systems Security. In Proceedings of the 4th IEEE European Symposium on Security and Privacy (EuroS&P 2019). Stockholm, Sweden. June, 2019. Icon pdf (286.3 KB)
  36. Constantinos Diomedous and Elias Athanasopoulos. Practical Password Hardening based on TLS. In Proceedings of the 16th Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA). Gothenburg, Sweden, June 2019. Icon pdf (378.5 KB)
  37. Panagiotis Papadopoulos, Nicolas Kourtellis, Evangelos P. Markatos. Cookie synchronization: Everything you always wanted to know but were afraid to ask. In Proceedings of the 28th International Conference on World Wide Web (WWW). San Fransisco, USA. May 2019. Icon pdf (2.3 MB)
  38. Lucian Cojocar, Kaveh Razavi, Cristiano Giuffrida, Herbert Bos. Exploiting Correcting Codes: On the Effectiveness of ECC Memory Against Rowhammer Attacks. In Proceedings of the 40th IEEE Symposium on Security and Privacy. San Francisco, USA. May 2019. Icon pdf (3.4 MB)
  39. Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Giorgi Maisuradze, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida. RIDL: Rogue In-Flight Data Load. In Proceedings of the 40th IEEE Symposium on Security and Privacy. San Francisco, CA. May 2019. Icon pdf (1.4 MB)
  40. Michalis Diamantaris, Elias P. Papadopoulos, Evangelos P. Markatos, Sotiris Ioannidis, Jason Polakis. REAPER: Real-time App Analysis for Augmenting the Android Permission System. In Proceedings of the 9th ACM Conference on Data and Application Security and Privacy (ACM CODASPY). Dallas, TX, USA. March, 2019. Icon pdf (1.2 MB)
  41. Koustubha Bhat, Erik van der Kouwe, Herbert Bos, Cristiano Giuffrida. ProbeGuard: Mitigating Probing Attacks Through Reactive Program Transformations. In Proceedings of the 24th ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2019). Providence, RI, USA. April, 2019. Icon pdf (856.4 KB)
  42. Österlund, Sebastian, Koen Koning, Pierre Olivier, Antonio Barbalace, Herbert Bos, and Cristiano Giuffrida. KMVX: Detecting Kernel Information Leaks with Multi-Variant Execution. In Proceedings of the 24th ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2019). Providence, RI, USA. April, 2019. Icon pdf (700.2 KB)
  43. Cornelius Aschermann, Sergej Schumilo, Tim Blazytko, Robert Gawlik, Thorsten Holz. REDQUEEN: Fuzzing with Input-to-State Correspondence. In Proceedings of the Network and Distributed System Security Symposium (NDSS 2019). San Diego, CA, USA. February, 2019. Icon pdf (1.6 MB)
  44. Cornelius Aschermann, Tommaso Frassetto, Thorsten Holz, Patrick Jauernig, Ahmad-Reza Sadeghi, Daniel Teuchert. NAUTILUS: Fishing for Deep Bugs with Grammars. In Proceedings of the Network and Distributed System Security Symposium (NDSS 2019). San Diego, CA, USA. February, 2019. Icon pdf (697.2 KB)
  45. Panagiotis Papadopoulos, Panagiotis Ilia, Michalis Polychronakis, Evangelos Markatos, Sotiris Ioannidis, Giorgos Vasiliadis. Master of Web Puppets: Abusing Web Browsers for Persistent and Stealthy Computation. In Proceedings of the the Network and Distributed System Security Symposium (NDSS 2019). San Diego, CA, USA. February, 2019. Icon pdf (799.0 KB)
  46. Platon Kotzias, Leyla Bilge, Pierre-Antoine Vervier, Juan Caballero. Mind Your Own Business: A Longitudinal Study of Threats and Vulnerabilities in Enterprises. In Proceedings of the Network and Distributed System Security Symposium (NDSS 2019). San Diego, CA, USA. February, 2019.  Icon pdf (322.7 KB)
  47. Vivek Jain, Sanjay Rawat, Cristiano Giuffrida, Herbert Bos. TIFF: Using Input Type Inference To Improve Fuzzing. In Proceedings of the 2018 Annual Computer Security Applications Conference (ACSAC). San Juan, Puerto Rico, USA. December 2018. Icon pdf (623.1 KB)
  48. Behrad Garmany, Martin Stoffel, Robert Gawlik, Philipp Koppe, Tim Blazytko, Thorsten Holz. Towards Automated Generation of Exploitation Primitives for Web Browsers. In Proceedings of the 34th Annual Computer Security Applications Conference (ACSAC 18). San Juan, Puerto Rico, USA. December 2018. Icon pdf (2.3 MB)
  49. Erik van der Kouwe, Taddeus Kroes, Chris Ouwehand, Herbert Bos, Cristiano Giuffrida. Type-After-Type: Practical and Complete Type-Safe Memory Reuse. In Proceedings of the 34th Annual Computer Security Applications Conference (ACSAC 18). San Juan, Puerto Rico, USA. December 2018. Icon pdf (813.3 KB)
  50. Yun Shen, Enrico Mariconti, Pierre Antoine Vervier, Gianluca Stringhini. Tiresias: Predicting Security Events Through Deep Learning. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (CCS 2018). Toronto, Canada. October, 2018. Icon pdf (2.8 MB)
  51. Radhesh Krishnan Konoth, Marco Oliverio, Andrei Tatar, Dennis Andriesse, Herbert Bos, Cristiano Giuffrida, Kaveh Razavi. ZebRAM: Comprehensive and Compatible Software Protection Against Rowhammer Attacks. In Proceedings of the 13th USENIX Symposium on Operating Systems Design and Implementation (OSDI 18). Carlsbad, CA, USA. October, 2018. Icon pdf (372.3 KB)
  52. Andrei Tatar, Cristiano Giuffrida, Herbert Bos, and Kaveh Razavi. Defeating Software Mitigations against Rowhammer: a Surgical Precision Hammer. In Proceedings of the 21st International Symposium on Research in Attacks, Intrusions, and Defenses (RAID 2018). Heraklion, Crete, Greece. September, 2018. Icon pdf (515.3 KB)
  53. Stephan van Schaik, Cristiano Giuffrida, Herbert Bos, Kaveh Razavi. Malicious Management Unit: Why Stopping Cache Attacks in Software is Harder Than You Think. In Proceedings of the 27th USENIX Security Symposium (USENIX Security 18). Baltimore, MD, USA. August, 2018. Icon pdf (1.0 MB)
  54. Ben Gras, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida. Translation Leak-aside Buffer: Defeating Cache Side-channel Protections with TLB Attacks. In Proceedings of the 27th USENIX Security Symposium (USENIX Security 18). Baltimore, MD, USA. August, 2018. Icon pdf (1.5 MB)
  55. Robert Gawlik, Thorsten Holz. SoK: Make JIT-Spray Great Again. In Proceedings of the 12th USENIX Workshop on Offensive Technologies (WOOT 18). Baltimore, MD, USA. August. 2018. Icon pdf (213.4 KB)

Blog posts

Webinars