Stony Brook University Logo Department of Computer Science Stony Brook Search Button
Secure Systems Lab

Publications in Policy/Specification Languages

[1]  An Efficient Black-box Technique for Defeating Web Application Attacks
R. Sekar
ISOC Network and Distributed Systems Symposium (NDSS) February, 2009.
[2]  Fast Packet Classification for Snort
Alok Tongaonkar, Sreenaath Vasudevan and R. Sekar
USENIX Large Installation System Administration Conference (LISA) November, 2008.
[3]  Expanding Malware Defense by Securing Software Installations
Weiqing Sun, R. Sekar, Zhenkai Liang and V.N. Venkatakrishnan
Detection of Intrusions, Malware and Vulnerability Analysis (DIMVA) July, 2008.
[4]  Practical Proactive Integrity Preservation: A Basis for Malware Defense
Weiqing Sun, R. Sekar, Gaurav Poothia and Tejas Karandikar
IEEE Symposium on Security and Privacy (IEEE S&P) May, 2008.
[5]  Inferring Higher Level Policies from Firewall Rules
Alok Tongaonkar, Niranjan Inamdar and R. Sekar
USENIX Large Installation System Administration Conference (LISA) November, 2007.
[6]  On Supporting Active User Feedback in P3P
V.N. Venkatakrishnan, Wei Xu and Rishi Kant Sharda
Secure Knowledge Management Workshop (SKM) September, 2006.
[7]  A Framework for Building Privacy-Conscious Composite Web Services
Wei Xu, V.N. Venkatakrishnan, R. Sekar and I.V. Ramakrishnan
IEEE International Conference on Web Services (ICWS) September, 2006. (Application Services and Industry Track).
[8]  Taint-Enhanced Policy Enforcement: A Practical Approach to Defeat a Wide Range of Attacks
Wei Xu, Sandeep Bhatkar and R. Sekar
USENIX Security Symposium (USENIX Security) August, 2006. (An earlier version appeared as Technical Report SECLAB-05-06, November 2005. Also supercedes Technical Report SECLAB-05-05 A Unified Approach for Preventing Attacks Exploiting a Range of Software Vulnerabilities, August 2005, and Technical Report SECLAB-05-04 Practical dynamic taint analysis for countering input validation attacks on web applications, May 2005, [PDF]).
[9]  An Approach for Realizing Privacy-Preserving Web-Based Services (Poster)
Wei Xu, R. Sekar, I.V. Ramakrishnan and V.N. Venkatakrishnan
14th International World Wide Web Conference (WWW) May, 2005.
[10]  A Secure Composition Framework for Trustworthy Personal Information Assistants
V.N. Venkatakrishnan, Wei Xu, I.V. Ramakrishnan and R. Sekar
IEEE International Conference on Integration of Knowledge Intensive Multi-Agent Systems (KIMAS) April, 2005.
[11]  Model-Carrying Code: A Practical Approach for Safe Execution of Untrusted Applications
R. Sekar, V.N. Venkatakrishnan, Samik Basu, Sandeep Bhatkar and Daniel DuVarney
ACM Symposium on Operating Systems Principles (SOSP) October, 2003.
[12]  An approach for Secure Software Installation
V.N. Venkatakrishnan, R. Sekar, Sofia Tsipa, Tapan Kamat and Zhenkai Liang
USENIX Large Installation System Administration Conference (LISA) November, 2002.
[13]  Specification-based anomaly detection: a new approach for detecting network intrusions
R. Sekar, Ajay Gupta, James Frullo, Tushar Shanbhag, Abhishek Tiwari, Henglin Yang and Sheng Zhou
ACM Conference on Computer and Communications Security (CCS) October, 2002.
[14]  Empowering mobile code using expressive security policies
V.N. Venkatakrishnan, Ram Peri and R. Sekar
New Security Paradigms Workshop (NSPW) September, 2002.
[15]  Experiences with Specification Based Intrusion Detection System
Prem Uppuluri and R. Sekar
Recent Advances in Intrusion Detection (RAID) October, 2001.
[16]  Model-Carrying Code (MCC): A New Paradigm for Mobile-Code Security
R. Sekar, C.R. Ramakrishnan, I.V. Ramakrishnan and Scott Smolka
New Security Paradigms Workshop (NSPW) September, 2001.
[17]  Model-Based Analysis of Configuration Vulnerabilities
C.R. Ramakrishnan and R. Sekar
ACM CCS Workshop on Intrusion Detection Systems (WIDS) October, 2000.
[18]  Building Survivable Systems: An Integrated Approach based on Intrusion Detection and Damage Containment
Thomas Bowen, Dana Chee, Mark Segal, R. Sekar, Tushar Shanbhag and Prem Uppuluri
DISCEX (DISCEX) February, 2000.
[19]  A High-Performance Network Intrusion Detection System
R. Sekar, Guang Yang, Shobhit Verma and Tushar Shanbhag
ACM Conference on Computer and Communications Security (CCS) November, 1999.
[20]  Synthesizing Fast Intrusion Detection/Prevention Systems from High-Level Specifications
R. Sekar and Prem Uppuluri
USENIX Security Symposium (USENIX Security) August, 1999.
[21]  On Preventing Intrusions by Process Behavior Monitoring
R. Sekar, Thomas Bowen and Mark Segal
USENIX Intrusion Detection Workshop () April, 1999.
All Publications
By Year

By Area

Source-code analysis/transformation
Binary analysis/rewriting
Policy/Specification Languages
OS and Virtualization Techniques
Algorithms
Learning/anomaly detection
Formal methods/Foundations

By Problem

Randomization/Memory Errors
Information flow analysis
Automated Exploit Defenses
Virtual Network Lab
Safe execution/attack recovery
Automated signature generation
Malware/Untrusted code defense
Intrusion/Anomaly detection
Fast packet matching
Policy generation tools

Local Search


Home Contact CEWIT Center for Cyber Security SFS Scholarships

Copyright © 1999-2009 Secure Systems Laboratory, Stony Brook University. All rights reserved.