Publications in Policy/Specification Languages

[1]  A New Tag-Based Approach for Real-Time Detection of Advanced Cyber Attacks

Md Nahid Hossain
PhD Dissertation (Stony Brook University) January, 2022.

[2]  On the Effectiveness of Cyber-Attack Campaign Investigation with Reduced Audit Logs

Maggie Zhou
Undergraduate (Honors) Thesis (Stony Brook University) January, 2021.

[3]  Combating Dependence Explosion in Forensic Analysis Using Alternative Tag Propagation Semantics

Md Nahid Hossain, Sanaz Sheikhi and R. Sekar
IEEE Symposium on Security and Privacy (IEEE S&P) May, 2020.
(A 2-minute demo and the conference presentation are also available.).

[4]  HOLMES: Real-time APT Detection through Correlation of Suspicious Information Flows

Sadegh Milajerdi, Rigel Gjomemo, Birhanu Eshete, R. Sekar and V.N. Venkatakrishnan
IEEE Symposium on Security and Privacy (IEEE S&P) May, 2019.

[5]  SLEUTH: Real-time Attack Scenario Reconstruction from COTS Audit Data

Md Nahid Hossain, Sadegh Milajerdi, Junao Wang, Birhanu Eshete, Rigel Gjomemo, R. Sekar, Scott D. Stoller and V.N. Venkatakrishnan
USENIX Security Symposium (USENIX Security) August, 2017. (Talk).

[6]  WebSheets: Web Applications for Non-Programmers

Riccardo Pelizzi and R. Sekar
New Security Paradigms Workshop (NSPW) September, 2015.

[7]  An Efficient Black-box Technique for Defeating Web Application Attacks

R. Sekar
ISOC Network and Distributed Systems Symposium (NDSS) February, 2009.

[8]  Fast Packet Classification for Snort

Alok Tongaonkar, Sreenaath Vasudevan and R. Sekar
USENIX Large Installation System Administration Conference (LISA) November, 2008.

[9]  Expanding Malware Defense by Securing Software Installations

Weiqing Sun, R. Sekar, Zhenkai Liang and V.N. Venkatakrishnan
Detection of Intrusions, Malware and Vulnerability Analysis (DIMVA) July, 2008.

[10]  Practical Proactive Integrity Preservation: A Basis for Malware Defense

Weiqing Sun, R. Sekar, Gaurav Poothia and Tejas Karandikar
IEEE Symposium on Security and Privacy (IEEE S&P) May, 2008.

[11]  Inferring Higher Level Policies from Firewall Rules

Alok Tongaonkar, Niranjan Inamdar and R. Sekar
USENIX Large Installation System Administration Conference (LISA) November, 2007.

[12]  A Framework for Building Privacy-Conscious Composite Web Services

Wei Xu, V.N. Venkatakrishnan, R. Sekar and I.V. Ramakrishnan
IEEE International Conference on Web Services (ICWS) September, 2006. (Application Services and Industry Track).

[13]  On Supporting Active User Feedback in P3P

V.N. Venkatakrishnan, Wei Xu and Rishi Kant Sharda
Secure Knowledge Management Workshop (SKM) September, 2006.

[14]  Taint-Enhanced Policy Enforcement: A Practical Approach to Defeat a Wide Range of Attacks

Wei Xu, Sandeep Bhatkar and R. Sekar
USENIX Security Symposium (USENIX Security) August, 2006. (An earlier version appeared as Technical Report SECLAB-05-06, November 2005. Also supercedes Technical Report SECLAB-05-05 A Unified Approach for Preventing Attacks Exploiting a Range of Software Vulnerabilities, August 2005, and Technical Report SECLAB-05-04 Practical dynamic taint analysis for countering input validation attacks on web applications, May 2005, [PDF]).

[15]  An Approach for Realizing Privacy-Preserving Web-Based Services (Poster)

Wei Xu, R. Sekar, I.V. Ramakrishnan and V.N. Venkatakrishnan
14th International World Wide Web Conference (WWW) May, 2005.

[16]  A Secure Composition Framework for Trustworthy Personal Information Assistants

V.N. Venkatakrishnan, Wei Xu, I.V. Ramakrishnan and R. Sekar
IEEE International Conference on Integration of Knowledge Intensive Multi-Agent Systems (KIMAS) April, 2005.

[17]  Model-Carrying Code: A Practical Approach for Safe Execution of Untrusted Applications

R. Sekar, V.N. Venkatakrishnan, Samik Basu, Sandeep Bhatkar and Daniel DuVarney
ACM Symposium on Operating Systems Principles (SOSP) October, 2003.

[18]  An approach for Secure Software Installation

V.N. Venkatakrishnan, R. Sekar, Sofia Tsipa, Tapan Kamat and Zhenkai Liang
USENIX Large Installation System Administration Conference (LISA) November, 2002.

[19]  Specification-based anomaly detection: a new approach for detecting network intrusions

R. Sekar, Ajay Gupta, James Frullo, Tushar Shanbhag, Abhishek Tiwari, Henglin Yang and Sheng Zhou
ACM Conference on Computer and Communications Security (CCS) October, 2002.

[20]  Empowering mobile code using expressive security policies

V.N. Venkatakrishnan, Ram Peri and R. Sekar
New Security Paradigms Workshop (NSPW) September, 2002.

[21]  Experiences with Specification Based Intrusion Detection System

Prem Uppuluri and R. Sekar
Recent Advances in Intrusion Detection (RAID) October, 2001.

[22]  Model-Carrying Code (MCC): A New Paradigm for Mobile-Code Security

R. Sekar, C.R. Ramakrishnan, I.V. Ramakrishnan and Scott Smolka
New Security Paradigms Workshop (NSPW) September, 2001.

[23]  Model-Based Analysis of Configuration Vulnerabilities

C.R. Ramakrishnan and R. Sekar
ACM CCS Workshop on Intrusion Detection Systems (WIDS) October, 2000.

[24]  Building Survivable Systems: An Integrated Approach based on Intrusion Detection and Damage Containment

Thomas Bowen, Dana Chee, Mark Segal, R. Sekar, Tushar Shanbhag and Prem Uppuluri
DISCEX (DISCEX) February, 2000.

[25]  A High-Performance Network Intrusion Detection System

R. Sekar, Guang Yang, Shobhit Verma and Tushar Shanbhag
ACM Conference on Computer and Communications Security (CCS) November, 1999.

[26]  Synthesizing Fast Intrusion Detection/Prevention Systems from High-Level Specifications

R. Sekar and Prem Uppuluri
USENIX Security Symposium (USENIX Security) August, 1999.

[27]  On Preventing Intrusions by Process Behavior Monitoring

R. Sekar, Thomas Bowen and Mark Segal
USENIX Intrusion Detection Workshop () April, 1999.

By Area

By Problem

Local Search