Publications

  1. Data Space Randomization, [PDF]
    Sandeep Bhatkar and R. Sekar,
    Detection of Intrusions, Malware and Vulnerability Analysis (DIMVA), July 2008.
  2. On the Limits of Information Flow Techniques for Malware Analysis and Containment, [PDF]
    Lorenzo Cavallaro, Prateek Saxena, and R. Sekar,
    Detection of Intrusions, Malware and Vulnerability Analysis (DIMVA), July 2008.
    3. (Supercedes SECLAB07-03, November 2007)
  3. Anomalous Taint Detection, [PDF]
    Technical Report SECLAB08-06, Secure Systems Laboratory, Stony Brook University, 2008.
  4. Practical Proactive Integrity Preservation: A Basis for Malware Defense, [PDF]
    Weiqing Sun, R. Sekar, Gaurav Poothia and Tejas Karandikar
    IEEE Symposium on Security and Privacy, May 2008.
  5. Efficient Fine-Grained Binary Instrumentation with Applications to Taint-Tracking, [PDF]
    Prateek Saxena, R. Sekar and Varun Puranik,
    International Symposium on Code Generation and Optimization (CGO), April 2008.
  6. A Practical Mimicry Attack Against Powerful System-Call Monitors, [PDF]
    Chetan Parampalli, R. Sekar and Rob Johnson,
    ACM Symposium on Information, Computer and Communications Security (ASIACCS), March 2008.
    (Supercedes Technical Report SECLAB07-01)
  7. Inferring Higher Level Policies from Firewall Rules, [PDF]
    Alok Tongaonkar, Niranjan Inamdar, and R. Sekar,
    21th USENIX LISA conference (LISA'07), Dallas, TX, November 2007.
  8. Address-Space Randomization for Windows Systems, [PDF]
    22nd Annual Computer Security Applications Conference (ACSAC), Miami, December, 2006.
  9. Provably Correct Runtime Enforcement of Non-Interference Properties, [PDF]
    V.N. Venkatakrishnan, Wei Xu, Daniel DuVarney and R. Sekar,
    8th International Conference on Information and Communications Security (ICICS'06), Raleigh, NC, December 2006.
  10. On Supporting Active User Feedback in P3P, [PDF]
    V.N. Venkatakrishnan, Wei Xu, and Rishi Kant Sharda,
    2nd Secure Knowledge Management Workshop (SKM'06), New York, NY, September 2006.
  11. A Framework for Building Privacy-Conscious Composite Web Services, [PDF]
    Wei Xu, V.N. Venkatakrishnan, R. Sekar, and I.V. Ramakrishnan,
    4th IEEE International Conference on Web Services (ICWS'06) (Application Services and Industry Track), Chicago, IL, September 2006.
  12. Taint-Enhanced Policy Enforcement: A Practical Approach to Defeat a Wide Range of Attacks, [PS] [PDF]
    Wei Xu, Sandeep Bhatkar, and R. Sekar,
    15th USENIX Security Symposium, Vancouver, BC, Canada, August 2006.
    (An earlier version appeared as Technical Report SECLAB-05-06, November 2005.
    Also supercedes Technical Report SECLAB-05-05 A Unified Approach for Preventing Attacks Exploiting a Range of Software Vulnerabilities, August 2005, and
    Technical Report SECLAB-05-04 Practical dynamic taint analysis for countering input validation attacks on web applications, May 2005, [PDF])
  13. MCC End-User Management Framework, [PDF]
    Technical Report SECLAB06-01, Secure Systems Laboratory, Stony Brook University, 2006.
  14. Dataflow Anomaly Detection, [PDF]
    Sandeep Bhatkar, Abhishek Chaturvedi, and R. Sekar,
    IEEE Symposium on Security and Privacy, May 2006.
    (Supercedes Technical Report SECLAB-05-03 Improving Attack Detection in Host-Based IDS by Learning Properties of System Call Arguments , July 2005.)
  15. Automatic Generation of Buffer Overflow Attack Signatures: An Approach Based on Program Behavior Models, [PDF]
    Zhenkai Liang and R. Sekar,
    21st Annual Computer Security Applications Conference (ACSAC), Tucson, AZ, December 2005.
    (Supercedes Technical Report SECLAB-05-01 An Immune System Inspired Approach for Protection from Repetitive Attacks, March 2005.)
  16. Fast and Automated Generation of Attack Signatures: A Basis for Building Self-Protecting Servers,[PDF]
    Zhenkai Liang and R. Sekar,
    12th ACM Conference on Computer and Communications Security (CCS), Alexandria, VA, November 2005.
    (Supercedes Technical Report SECLAB-05-02 Automated, Sub-second Attack Signature Generation: A Basis for Building Self-Protecting Servers, May 2005.)
  17. Efficient Techniques for Comprehensive Protection from Memory Error Exploits, [PS] [PDF]
    Sandeep Bhatkar, R. Sekar and Daniel C. DuVarney,
    14th USENIX Security Symposium, Baltimore MD, August 2005.
  18. V-NetLab: A Cost-Effective Platform to Support Course Projects in Computer Security, [PDF]
    Kumar Krishna, Weiqing Sun, Pratik Rana, Tianning Li and R.Sekar,
    9th Annual Colloquium for Information Systems Security Education (CISSE 05), Atlanta, GA, June 2005.
  19. An Approach for Realizing Privacy-Preserving Web-Based Services, [PS] [PDF]
    Wei Xu, R. Sekar, I.V. Ramakrishnan and V.N. Venkatakrishnan,
    14th International World Wide Web Conference (WWW '05) (Special interest tracks and posters), Chiba, Japan, May 2005.
  20. A Secure Composition Framework for Trustworthy Personal Information Assistants, [PS] [PDF]
    V.N. Venkatakrishnan, Wei Xu, I.V. Ramakrishnan and R. Sekar,
    IEEE International Conference on Integration of Knowledge Intensive Multi-Agent Systems (KIMAS '05), Waltham MA, April 2005.
  21. Automatic Synthesis of Filters to Discard Buffer Overflow Attacks: A Step Towards Realizing Self-Healing Systems, [PS] [PDF]
    Zhenkai Liang, R. Sekar and Daniel C. DuVarney,
    USENIX Annual Technical Conference, (Short paper), Anaheim CA, April 2005.
  22. One-way Isolation: An Effective Approach for Realizing Safe Execution Environments, [PS] [PDF](Revised version of conference paper)
    Weiqing Sun, Zhenkai Liang, V.N. Venkatakrishnan, and R. Sekar,
    ISOC Network and Distributed Systems Symposium (NDSS), San Diego, February 2005.
  23. Using Predators to Combat Worms and Viruses: A Simulation-Based Study, [PDF]
    Ajay Gupta and Daniel C. Duvarney
    Annual Computer Security Applications Conference (ACSAC), Arizona, December 2004.
  24. An Efficient and Backwards-Compatible Transformation to Ensure Memory Safety of C Programs, [PS.GZ] [PDF]
    Wei Xu, Daniel C. Duvarney, and R. Sekar,
    12th ACM SIGSOFT International Symposium on the Foundations of Software Engineering (SIGSOFT 2004/FSE-12), California, November 2004.
  25. A Program Transformation Technique for Enforcement of Information Flow Properties, [PS]
    V.N. Venkatakrishnan, Daniel C. DuVarney, Wei Xu, R. Sekar,
    Technical Report SECLAB-04-01, Department of Computer Science, Stony Brook University, March, 2004.
  26. Isolated Program Execution: An Application Transparent Approach for Executing Untrusted Programs, [PS] [PDF]
    Z. Liang, V.N. Venkatakrishnan and R. Sekar,
    Annual Computer Security Applications Conference (ACSAC), Las Vegas, December 2003. Best paper award!
  27. SELF: a Transparent Security Extension for ELF Binaries, [PS] [PDF]
    Daniel C. DuVarney, V.N. Venkatakrishnan and Sandeep Bhatkar,
    New Security Paradigms Workshop (NSPW), Ascona, Switzerland, August 2003.
  28. An Approach for Detecting Self-Propagating Email Using Anomaly Detection, [PS] [PDF]
    A. Gupta and R. Sekar,
    Recent Advances in Intrusion Detection (RAID), September 2003.
  29. Model-Carrying Code: A Practical Approach for Safe Execution of Untrusted Applications, [PS] [PDF]
    R. Sekar, V.N. Venkatakrishnan, Samik Basu, Sandeep Bhatkar and Dan DuVarney,
    19th ACM Symposium on Operating Systems Principles (SOSP), New York, October 2003.
  30. Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits, [PS] [PDF]
    Sandeep Bhatkar, Daniel C. DuVarney, and R. Sekar,
    12th USENIX Security Symposium, Washington, DC, August 2003.
  31. Specification-based anomaly detection: a new approach for detecting network intrusions, [PS] [PDF]
    R. Sekar, A. Gupta et al.,
    ACM Computer and Communication Security Conference (CCS), 2002.
  32. An approach for Secure Software Installation, [PS] [PDF]
    V.N. Venkatakrishnan, R. Sekar, S. Tsipa, T. Kamat and Z. Liang,
    16th USENIX LISA conference, Philadelphia, November 2002.
  33. Empowering mobile code using expressive security policies, [PS] [PDF]
    V.N. Venkatakrishnan, Peri Ram and R. Sekar,
    10th New Security Paradigms Workshop (NSPW), Virginia Beach, September 2002.
  34. Model-Based Analysis of Configuration Vulnerabilities, [PS] [PDF]
    C.R. Ramakrishnan and R. Sekar,
    Journal of Computer Security.
  35. Model-Carrying Code (MCC): A New Paradigm for Mobile-Code Security, [PDF]
    R. Sekar, C.R. Ramakrishnan, I.V. Ramakrishnan, Scott A. Smolka,
    New Security Paradigms Workshop (NSPW), Cloudcroft, New Mexico, September 2001.
  36. Experiences with Specification Based Intrusion Detection System, [PS] [PDF]
    P. Uppuluri and R. Sekar,
    Recent Advances in Intrusion Detection (RAID), October 2001.
  37. A Fast Automaton-Based~Method for Detecting Anomalous Program Behaviors, [PS] [PDF]
    R. Sekar, M. Bendre, P. Bollineni and D. Dhurjati,
    IEEE Symposium on Security and Privacy, 2001.
  38. User-Level Infrastructure for System Call Interposition: A Platform for Intrusion Detection and Confinement, [PS] [PDF]
    K. Jain and R. Sekar,
    ISOC Network and Distributed Systems Symposium (NDSS), 2000.
  39. Model-Based Analysis of Configuration Vulnerabilities, [PS] [PDF]
    C.R. Ramakrishnan and R. Sekar,
    ACM CCS Workshop on Intrusion Detection Systems,2000.
  40. Building Survivable Systems: An Integrated Approach based on Intrusion Detection and Damage Containment, [PDF]
    T. Bowen, D. Chee, M. Segal, R. Sekar, T. Shanbhag and P. Uppuluri,
    DISCEX, 2000.
  41. A High-Performance Network Intrusion Detection System, [PS] [PDF]
    R. Sekar, Y. Guang, S. Verma and T. Shanbhag,
    ACM Symposium on Computer and Communication Security (CCS), 1999.
  42. Synthesizing Fast Intrusion Detection/Prevention Systems from High-Level Specifications, [PS] [PDF]
    R. Sekar and P. Uppuluri,
    USENIX Security Symposium, 1999.
  43. On Preventing Intrusions by Process Behavior Monitoring, [PS] [PDF]
    R. Sekar, T. Bowen and M. Segal,
    USENIX Intrusion Detection Workshop, 1999.
  44. A Specification-Based Approach for Building Survivable Systems, [PS] [PDF]
    R. Sekar, Yong Cai, and Mark Segal,
    National Information Systems Security Conference, 1998.
  45. Model-Based Vulnerability Analysis of Computer Systems, [PS] [PDF]
    C.R. Ramakrishnan and R. Sekar,
    Second International Workshop on Verification, Model Checking, and Abstract Interpretation (VMCAI), Pisa, Italy, September 1998.
International Conference on Information Systems Security (ICISS 2008)