Stony Brook University Logo Department of Computer Science Stony Brook Search Button
Secure Systems Lab

Publications By Year

    2009

  1. Online Signature Generation for Windows Systems
    Lixin Li, Jim Just and R. Sekar
    Annual Computer Security Applications Conference (ACSAC) December, 2009.
  2. Practical Techniques for Regeneration and Immunization of COTS Applications
    Lixin Li, Mark R. Cornwell, E. Hultman, Jim Just and R. Sekar
    Workshop on Recent Advances on Intrusion-Tolerant Systems (WRAITS) June, 2009.
  3. Fast Packet Classification using Condition Factorization
    Alok Tongaonkar, R. Sekar and Sreenaath Vasudevan
    Applied Cryptography and Network Security (ACNS) June, 2009.
  4. An Efficient Black-box Technique for Defeating Web Application Attacks
    R. Sekar
    ISOC Network and Distributed Systems Symposium (NDSS) February, 2009.
  5. Alcatraz: An Isolated Environment for Experimenting with Untrusted Software
    Zhenkai Liang, Weiqing Sun, V.N. Venkatakrishnan and R. Sekar
    ACM Transactions on Information and System Security (TISSEC) January, 2009.

    2008

  6. Fast Packet Classification for Snort
    Alok Tongaonkar, Sreenaath Vasudevan and R. Sekar
    USENIX Large Installation System Administration Conference (LISA) November, 2008.
  7. Anomalous Taint Detection (Extended Abstract)
    Lorenzo Cavallaro and R. Sekar
    Recent Advances in Intrusion Detection (RAID) September, 2008.
    (Full version available as Technical Report SECLAB08-06).
  8. V-NetLab: An Approach for Realizing Logically Isolated Networks for Security Experiments
    Weiqing Sun, Varun Katta, Kumar Krishna and R. Sekar
    Workshop on Cyber Security Experimentation and Test (in conjunction with USENIX Security) (CSET) July, 2008.
  9. Expanding Malware Defense by Securing Software Installations
    Weiqing Sun, R. Sekar, Zhenkai Liang and V.N. Venkatakrishnan
    Detection of Intrusions, Malware and Vulnerability Analysis (DIMVA) July, 2008.
  10. Data Space Randomization
    Sandeep Bhatkar and R. Sekar
    Detection of Intrusions, Malware and Vulnerability Analysis (DIMVA) July, 2008.
  11. On the Limits of Information Flow Techniques for Malware Analysis and Containment
    Lorenzo Cavallaro, Prateek Saxena and R. Sekar
    Detection of Intrusions, Malware and Vulnerability Analysis (DIMVA) July, 2008.
    (Supercedes SECLAB07-03, November 2007).
  12. Practical Proactive Integrity Preservation: A Basis for Malware Defense
    Weiqing Sun, R. Sekar, Gaurav Poothia and Tejas Karandikar
    IEEE Symposium on Security and Privacy (IEEE S&P) May, 2008.
  13. Efficient Fine-Grained Binary Instrumentation with Applications to Taint-Tracking
    Prateek Saxena, R. Sekar and Varun Puranik
    ACM/IEEE International Symposium on Code Generation and Optimization (CGO) April, 2008.
  14. A Practical Mimicry Attack Against Powerful System-Call Monitors
    Chetan Parampalli, R. Sekar and Rob Johnson
    ACM Symposium on Information, Computer and Communications Security (ASIACCS) March, 2008.
    (Supercedes Technical Report SECLAB07-01).

    2007

  15. Inferring Higher Level Policies from Firewall Rules
    Alok Tongaonkar, Niranjan Inamdar and R. Sekar
    USENIX Large Installation System Administration Conference (LISA) November, 2007.

    2006

  16. Address-Space Randomization for Windows Systems
    Lixin Li, Jim Just and R. Sekar
    Annual Computer Security Applications Conference (ACSAC) December, 2006.
  17. Provably Correct Runtime Enforcement of Non-Interference Properties
    V.N. Venkatakrishnan, Wei Xu, Daniel DuVarney and R. Sekar
    International Conference on Information and Communications Security (ICICS) December, 2006.
    (Supercedes Technical Report SECLAB-04-01, Stony Brook University, March, 2004.).
  18. On Supporting Active User Feedback in P3P
    V.N. Venkatakrishnan, Wei Xu and Rishi Kant Sharda
    Secure Knowledge Management Workshop (SKM) September, 2006.
  19. A Framework for Building Privacy-Conscious Composite Web Services
    Wei Xu, V.N. Venkatakrishnan, R. Sekar and I.V. Ramakrishnan
    IEEE International Conference on Web Services (ICWS) September, 2006.
    (Application Services and Industry Track).
  20. Taint-Enhanced Policy Enforcement: A Practical Approach to Defeat a Wide Range of Attacks
    Wei Xu, Sandeep Bhatkar and R. Sekar
    USENIX Security Symposium (USENIX Security) August, 2006.
    (An earlier version appeared as Technical Report SECLAB-05-06, November 2005. Also supercedes Technical Report SECLAB-05-05 A Unified Approach for Preventing Attacks Exploiting a Range of Software Vulnerabilities, August 2005, and Technical Report SECLAB-05-04 Practical dynamic taint analysis for countering input validation attacks on web applications, May 2005, [PDF]).
  21. MCC End-User Management Framework
    Secure Systems Lab
    Technical Report (TR) August, 2006.
    Technical Report SECLAB06-01, Secure Systems Laboratory, Stony Brook University.
  22. Dataflow Anomaly Detection
    Sandeep Bhatkar, Abhishek Chaturvedi and R. Sekar
    IEEE Symposium on Security and Privacy (IEEE S&P) May, 2006.
    (Supercedes Technical Report SECLAB-05-03 Improving Attack Detection in Host-Based IDS by Learning Properties of System Call Arguments, July 2005.).

    2005

  23. Automatic Generation of Buffer Overflow Attack Signatures: An Approach Based on Program Behavior Models
    Zhenkai Liang and R. Sekar
    Annual Computer Security Applications Conference (ACSAC) December, 2005.
    (Supercedes Technical Report SECLAB-05-01 An Immune System Inspired Approach for Protection from Repetitive Attacks, March 2005.).
  24. Fast and Automated Generation of Attack Signatures: A Basis for Building Self-Protecting Servers
    Zhenkai Liang and R. Sekar
    ACM Conference on Computer and Communications Security (CCS) November, 2005.
    (Supercedes Technical Report SECLAB-05-02 Automated, Sub-second Attack Signature Generation: A Basis for Building Self-Protecting Servers, May 2005.).
  25. Efficient Techniques for Comprehensive Protection from Memory Error Exploits
    Sandeep Bhatkar, R. Sekar and Daniel DuVarney
    USENIX Security Symposium (USENIX Security) August, 2005.
  26. V-NetLab: A Cost-Effective Platform to Support Course Projects in Computer Security
    Kumar Krishna, Weiqing Sun, Pratik Rana, Tianning Li and R. Sekar
    Annual Colloquium for Information Systems Security Education (CISSE) June, 2005.
  27. An Approach for Realizing Privacy-Preserving Web-Based Services (Poster)
    Wei Xu, R. Sekar, I.V. Ramakrishnan and V.N. Venkatakrishnan
    14th International World Wide Web Conference (WWW) May, 2005.
  28. A Secure Composition Framework for Trustworthy Personal Information Assistants
    V.N. Venkatakrishnan, Wei Xu, I.V. Ramakrishnan and R. Sekar
    IEEE International Conference on Integration of Knowledge Intensive Multi-Agent Systems (KIMAS) April, 2005.
  29. Automatic Synthesis of Filters to Discard Buffer Overflow Attacks: A Step Towards Realizing Self-Healing Systems (Short Paper)
    Zhenkai Liang, R. Sekar and Daniel DuVarney
    USENIX Annual Technical Conference (USENIX) April, 2005.
  30. One-way Isolation: An Effective Approach for Realizing Safe Execution Environments
    Weiqing Sun, Zhenkai Liang, V.N. Venkatakrishnan and R. Sekar
    ISOC Network and Distributed Systems Symposium (NDSS) February, 2005.
    (Revised version of conference paper).

    2004

  31. Using Predators to Combat Worms and Viruses: A Simulation-Based Study
    Ajay Gupta and Daniel DuVarney
    Annual Computer Security Applications Conference (ACSAC) December, 2004.
  32. An Efficient and Backwards-Compatible Transformation to Ensure Memory Safety of C Programs
    Wei Xu, Daniel DuVarney and R. Sekar
    ACM SIGSOFT International Symposium on the Foundations of Software Engineering (FSE) November, 2004.

    2003

  33. Isolated Program Execution: An Application Transparent Approach for Executing Untrusted Programs
    Zhenkai Liang, V.N. Venkatakrishnan and R. Sekar
    Annual Computer Security Applications Conference (ACSAC) December, 2003.
    Best paper award.
  34. Model-Carrying Code: A Practical Approach for Safe Execution of Untrusted Applications
    R. Sekar, V.N. Venkatakrishnan, Samik Basu, Sandeep Bhatkar and Daniel DuVarney
    ACM Symposium on Operating Systems Principles (SOSP) October, 2003.
  35. An Approach for Detecting Self-Propagating Email Using Anomaly Detection
    Ajay Gupta and R. Sekar
    Recent Advances in Intrusion Detection (RAID) September, 2003.
  36. SELF: a Transparent Security Extension for ELF Binaries
    Daniel DuVarney, V.N. Venkatakrishnan and Sandeep Bhatkar
    New Security Paradigms Workshop (NSPW) August, 2003.
  37. Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits
    Sandeep Bhatkar, Daniel DuVarney and R. Sekar
    USENIX Security Symposium (USENIX Security) August, 2003.
  38. Generation of All Counter-Examples for Push-Down Systems
    Samik Basu, Diptikalyan Saha, Yow-Jian Lin and Scott Smolka
    Formal Description Techniques for Distributed Systems and Communication Protocols (FORTE) June, 2003.

    2002

  39. An approach for Secure Software Installation
    V.N. Venkatakrishnan, R. Sekar, Sofia Tsipa, Tapan Kamat and Zhenkai Liang
    USENIX Large Installation System Administration Conference (LISA) November, 2002.
  40. Specification-based anomaly detection: a new approach for detecting network intrusions
    R. Sekar, Ajay Gupta, James Frullo, Tushar Shanbhag, Abhishek Tiwari, Henglin Yang and Sheng Zhou
    ACM Conference on Computer and Communications Security (CCS) October, 2002.
  41. Empowering mobile code using expressive security policies
    V.N. Venkatakrishnan, Ram Peri and R. Sekar
    New Security Paradigms Workshop (NSPW) September, 2002.
  42. Model-Based Analysis of Configuration Vulnerabilities
    C.R. Ramakrishnan and R. Sekar
    Journal of Computer Security (JCS) January, 2002.

    2001

  43. Experiences with Specification Based Intrusion Detection System
    Prem Uppuluri and R. Sekar
    Recent Advances in Intrusion Detection (RAID) October, 2001.
  44. Model-Carrying Code (MCC): A New Paradigm for Mobile-Code Security
    R. Sekar, C.R. Ramakrishnan, I.V. Ramakrishnan and Scott Smolka
    New Security Paradigms Workshop (NSPW) September, 2001.
  45. A Fast Automaton-Based~Method for Detecting Anomalous Program Behaviors
    R. Sekar, Mugdha Bendre, Pradeep Bollineni and Dinakar Dhurjati
    IEEE Symposium on Security and Privacy (IEEE S&P) May, 2001.

    2000

  46. Model-Based Analysis of Configuration Vulnerabilities
    C.R. Ramakrishnan and R. Sekar
    ACM CCS Workshop on Intrusion Detection Systems (WIDS) October, 2000.
  47. User-Level Infrastructure for System Call Interposition: A Platform for Intrusion Detection and Confinement
    Kapil Jain and R. Sekar
    ISOC Network and Distributed Systems Symposium (NDSS) February, 2000.
  48. Building Survivable Systems: An Integrated Approach based on Intrusion Detection and Damage Containment
    Thomas Bowen, Dana Chee, Mark Segal, R. Sekar, Tushar Shanbhag and Prem Uppuluri
    DISCEX (DISCEX) February, 2000.

    1999

  49. A High-Performance Network Intrusion Detection System
    R. Sekar, Guang Yang, Shobhit Verma and Tushar Shanbhag
    ACM Conference on Computer and Communications Security (CCS) November, 1999.
  50. Synthesizing Fast Intrusion Detection/Prevention Systems from High-Level Specifications
    R. Sekar and Prem Uppuluri
    USENIX Security Symposium (USENIX Security) August, 1999.
  51. On Preventing Intrusions by Process Behavior Monitoring
    R. Sekar, Thomas Bowen and Mark Segal
    USENIX Intrusion Detection Workshop () April, 1999.

    1998

  52. A Specification-Based Approach for Building Survivable Systems
    R. Sekar, Yong Cai and Mark Segal
    National Information Systems Security Conference (NISSC) October, 1998.
  53. Model-Based Vulnerability Analysis of Computer Systems
    C.R. Ramakrishnan and R. Sekar
    Verification, Model Checking, and Abstract Interpretation (VMCAI) September, 1998.
All Publications
By Year

By Area

Source-code analysis/transformation
Binary analysis/rewriting
Policy/Specification Languages
OS and Virtualization Techniques
Algorithms
Learning/anomaly detection
Formal methods/Foundations

By Problem

Randomization/Memory Errors
Information flow analysis
Automated Exploit Defenses
Virtual Network Lab
Safe execution/attack recovery
Automated signature generation
Malware/Untrusted code defense
Intrusion/Anomaly detection
Fast packet matching
Policy generation tools

Local Search


Home Contact CEWIT Center for Cyber Security SFS Scholarships

Copyright © 1999-2009 Secure Systems Laboratory, Stony Brook University. All rights reserved.