Stony Brook University Logo Department of Computer Science Stony Brook Search Button
Secure Systems Lab

Publications By Year

    2017

  1. Protecting COTS Binaries from Disclosure-guided Code Reuse Attacks
    Mingwei Zhang, Michalis Polychronakis and R. Sekar
    Annual Computer Security Applications Conference (ACSAC) December, 2017.
  2. SLEUTH: Real-time Attack Scenario Reconstruction from COTS Audit Data
    Md Nahid Hossain, Sadegh Milajerdi, Junao Wang, Birhanu Eshete, Rigel Gjomemo, R. Sekar, Scott D. Stoller and V.N. Venkatakrishnan
    USENIX Security Symposium (USENIX Security) August, 2017.
  3. Function Interface Analysis: A Principled Approach for Function Recognition in COTS Binaries
    Rui Qiao and R. Sekar
    Dependable Systems and Networks (DSN) June, 2017.
    (Supercedes SECLAB16-05, May 2016).
  4. NORAX: Enabling Execute-Only Memory for COTS Binaries on AArch64
    Yaohui Chen, Dongli Zhang, Ruowen Wang, Rui Qiao, Ahmed Azab, Long Lu, Hayawardh Vijayakumar and Wenbo Shen
    IEEE Symposium on Security and Privacy (IEEE S&P) May, 2017.
  5. Function Recovery for COTS Binaries
    Rui Qiao
    PhD Dissertation (Stony Brook University) May, 2017.
  6. Memory corruption mitigation via hardening and testing
    Laszlo Szekeres
    PhD Dissertation (Stony Brook University) May, 2017.

    2016

  7. Extracting Instruction Semantics Via Symbolic Execution of Code Generators
    Niranjan Hasabnis and R. Sekar
    ACM SIGSOFT International Symposium on the Foundations of Software Engineering (FSE) November, 2016.
  8. Hardening OpenStack Cloud Platforms against Compute Node Compromises
    Wai-Kit Sze, Abhinav Srivastava and R. Sekar
    ACM Symposium on Information, Computer and Communications Security (ASIACCS) May, 2016.
  9. A New Approach for Rowhammer Attacks
    Rui Qiao and Mark Seaborn
    IEEE International Symposium on Hardware Oriented Security and Trust (HOST) May, 2016.
  10. Enhancing Multi-user OS with Network Provenance for Systematic Malware Defense
    Wai-Kit Sze
    PhD Dissertation (Stony Brook University) May, 2016.
  11. Securing Web Applications
    Riccardo Pelizzi
    PhD Dissertation (Stony Brook University) May, 2016.
  12. Lifting Assembly to Intermediate Representation: A Novel Approach Leveraging Compilers
    Niranjan Hasabnis and R. Sekar
    ACM Architectural Support for Programming Languages and Operating Systems (ASPLOS) April, 2016.
  13. ANVIL: Software-Based Protection Against Next-Generation Rowhammer Attacks
    Zelalem Aweke, Salessawi Yitbarek, Rui Qiao, Reetuparna Das, Matthew Hicks, Yossi Oren and Todd Austin
    ACM Architectural Support for Programming Languages and Operating Systems (ASPLOS) April, 2016.
  14. Condition Factorization: A Technique for Building Fast and Compact Packet Matching Automata
    Alok Tongaonkar and R. Sekar
    IEEE Transactions on Information Forensics and Security (IEEE TIFS) March, 2016.

    2015

  15. A Principled Approach for ROP Defense
    Rui Qiao, Mingwei Zhang and R. Sekar
    Annual Computer Security Applications Conference (ACSAC) December, 2015.
  16. Provenance-based Integrity Protection for Windows
    Wai-Kit Sze and R. Sekar
    Annual Computer Security Applications Conference (ACSAC) December, 2015.
  17. JaTE: Transparent and Efficient JavaScript Confinement
    Tung Tran, Riccardo Pelizzi and R. Sekar
    Annual Computer Security Applications Conference (ACSAC) December, 2015.
  18. Code and Control Flow Integrity for COTS binaries: An Effective Defense Against Real-World ROP Attacks
    Mingwei Zhang and R. Sekar
    Annual Computer Security Applications Conference (ACSAC) December, 2015.
  19. Squeezing the Dynamic Loader For Fun And Profit
    Mingwei Zhang and R. Sekar
    Technical Report (TR) December, 2015.
  20. Harbormaster: Policy Enforcement for Containers
    Mingwei Zhang, Daniel Marino and Petros Efstathopoulos
    IEEE CloudCom (CloudCom) November, 2015.
  21. WebSheets: Web Applications for Non-Programmers
    Riccardo Pelizzi and R. Sekar
    New Security Paradigms Workshop (NSPW) September, 2015.
  22. Static Binary Instrumentation with Applications to COTS Software Security
    Mingwei Zhang
    PhD Dissertation (Stony Brook University) August, 2015.
  23. Automatic Synthesis of Instruction Set Semantics
    Niranjan Hasabnis
    PhD Dissertation (Stony Brook University) July, 2015.
  24. Automatic Generation of Assembly to IR Translators Using Compilers
    Niranjan Hasabnis and R. Sekar
    Workshop on Architectural and Microarchitectural Support for Binary Translation (AMAS-BT) February, 2015.
  25. Checking Correctness of Code Generator Architecture Specifications
    Niranjan Hasabnis, Rui Qiao and R. Sekar
    ACM/IEEE International Symposium on Code Generation and Optimization (CGO) February, 2015.

    2014

  26. Code-Pointer Integrity
    Volodymyr Kuznetsov, Laszlo Szekeres, Mathias Payer, George Candea, R. Sekar and Dawn Song
    USENIX Operating System Design and Implementation (OSDI) October, 2014.
  27. Comprehensive Integrity Protection for Desktop Linux (Demo)
    Wai-Kit Sze and R. Sekar
    ACM Symposium on Access Control Models and Technologies (SACMAT) June, 2014.
  28. Towards More Usable Information Flow Policies for Contemporary Operating Systems
    Wai-Kit Sze, Bhuvan Mital and R. Sekar
    ACM Symposium on Access Control Models and Technologies (SACMAT) June, 2014.

    Honorable mention for Best paper.
  29. Eternal War in Memory
    Laszlo Szekeres, Mathias Payer, Tao Wei and R. Sekar
    IEEE Security and Privacy Magazine (S&P Magazine) May, 2014.
  30. A Platform for Secure Static Binary Instrumentation
    Mingwei Zhang, Rui Qiao, Niranjan Hasabnis and R. Sekar
    Virtual Execution Environments (VEE) March, 2014.

    2013

  31. A Portable User-Level Approach for System-wide Integrity Protection
    Wai-Kit Sze and R. Sekar
    Annual Computer Security Applications Conference (ACSAC) December, 2013.
  32. Control Flow Integrity for COTS Binaries
    Mingwei Zhang and R. Sekar
    USENIX Security Symposium (USENIX Security) August, 2013.

    Best paper award!.
  33. SoK: Eternal War in Memory
    Laszlo Szekeres, Mathias Payer, Tao Wei and Dawn Song
    IEEE Symposium on Security and Privacy (IEEE S&P) May, 2013.
  34. Practical Control Flow Integrity and Randomization for Binary Executables
    Chao Zhang, Tao Wei, Zhaofeng Chen, Lei Duan, Laszlo Szekeres, Stephen McCamant, Dawn Song and Wei Zou
    IEEE Symposium on Security and Privacy (IEEE S&P) May, 2013.
  35. Protecting Function Pointers in Binary
    Chao Zhang, Tao Wei, Zhaofeng Chen, Lei Duan, Stephen McCamant and Laszlo Szekeres
    ACM Symposium on Information, Computer and Communications Security (ASIACCS) May, 2013.

    2012

  36. Protection, Usability and Improvements in Reflected XSS Filters
    Riccardo Pelizzi and R. Sekar
    ACM Symposium on Information, Computer and Communications Security (ASIACCS) May, 2012.
  37. Light-weight Bounds Checking
    Niranjan Hasabnis, Ashish Misra and R. Sekar
    ACM/IEEE International Symposium on Code Generation and Optimization (CGO) April, 2012.

    2011

  38. A Server- and Browser-Transparent CSRF Defense for Web 2.0 Applications
    Riccardo Pelizzi and R. Sekar
    Annual Computer Security Applications Conference (ACSAC) December, 2011.
  39. Taint-Enhanced Anomaly Detection
    Lorenzo Cavallaro and R. Sekar
    International Conference on Information Systems Security (ICISS) December, 2011.

    2010

  40. PAriCheck: An Efficient Pointer Arithmetic Checker for C Programs
    Yves Younan, Pieter Philippaerts, Lorenzo Cavallaro, R. Sekar, Frank Piessens and Wouter Joosen
    ACM Symposium on Information, Computer and Communications Security (ASIACCS) March, 2010.

    2009

  41. Online Signature Generation for Windows Systems
    Lixin Li, Jim Just and R. Sekar
    Annual Computer Security Applications Conference (ACSAC) December, 2009.
  42. Efficient Techniques for Fast Packet Classification
    Alok Tongaonkar
    PhD Dissertation (Stony Brook University) August, 2009.
  43. Practical Techniques for Regeneration and Immunization of COTS Applications
    Lixin Li, Mark R. Cornwell, E. Hultman, Jim Just and R. Sekar
    Workshop on Recent Advances on Intrusion-Tolerant Systems (WRAITS) June, 2009.
  44. Fast Packet Classification using Condition Factorization
    Alok Tongaonkar, R. Sekar and Sreenaath Vasudevan
    Applied Cryptography and Network Security (ACNS) June, 2009.
  45. An Efficient Black-box Technique for Defeating Web Application Attacks
    R. Sekar
    ISOC Network and Distributed Systems Symposium (NDSS) February, 2009.
  46. Alcatraz: An Isolated Environment for Experimenting with Untrusted Software
    Zhenkai Liang, Weiqing Sun, V.N. Venkatakrishnan and R. Sekar
    ACM Transactions on Information and System Security (TISSEC) January, 2009.

    2008

  47. Fast Packet Classification for Snort
    Alok Tongaonkar, Sreenaath Vasudevan and R. Sekar
    USENIX Large Installation System Administration Conference (LISA) November, 2008.
  48. Anomalous Taint Detection (Extended Abstract)
    Lorenzo Cavallaro and R. Sekar
    Recent Advances in Intrusion Detection (RAID) September, 2008.
    (Full version available as Technical Report SECLAB08-06).
  49. A Practical Technique for Containment of Untrusted Plug-ins
    Prateek Saxena, R. Sekar, Mithun Iyer and Varun Puranik
    Technical Report (TR) August, 2008.
  50. V-NetLab: An Approach for Realizing Logically Isolated Networks for Security Experiments
    Weiqing Sun, Varun Katta, Kumar Krishna and R. Sekar
    Workshop on Cyber Security Experimentation and Test (in conjunction with USENIX Security) (CSET) July, 2008.
  51. Expanding Malware Defense by Securing Software Installations
    Weiqing Sun, R. Sekar, Zhenkai Liang and V.N. Venkatakrishnan
    Detection of Intrusions, Malware and Vulnerability Analysis (DIMVA) July, 2008.
  52. Data Space Randomization
    Sandeep Bhatkar and R. Sekar
    Detection of Intrusions, Malware and Vulnerability Analysis (DIMVA) July, 2008.
  53. On the Limits of Information Flow Techniques for Malware Analysis and Containment
    Lorenzo Cavallaro, Prateek Saxena and R. Sekar
    Detection of Intrusions, Malware and Vulnerability Analysis (DIMVA) July, 2008.
    (Supercedes SECLAB07-03, November 2007).
  54. Practical Proactive Integrity Preservation: A Basis for Malware Defense
    Weiqing Sun, R. Sekar, Gaurav Poothia and Tejas Karandikar
    IEEE Symposium on Security and Privacy (IEEE S&P) May, 2008.
  55. Efficient Fine-Grained Binary Instrumentation with Applications to Taint-Tracking
    Prateek Saxena, R. Sekar and Varun Puranik
    ACM/IEEE International Symposium on Code Generation and Optimization (CGO) April, 2008.
  56. A Practical Mimicry Attack Against Powerful System-Call Monitors
    Chetan Parampalli, R. Sekar and Rob Johnson
    ACM Symposium on Information, Computer and Communications Security (ASIACCS) March, 2008.
    (Supercedes Technical Report SECLAB07-01).
  57. Comprehensive Memory Error Protection via Diversity and Taint-Tracking
    Lorenzo Cavallaro
    PhD Dissertation (Stony Brook University) February, 2008.

    2007

  58. Inferring Higher Level Policies from Firewall Rules
    Alok Tongaonkar, Niranjan Inamdar and R. Sekar
    USENIX Large Installation System Administration Conference (LISA) November, 2007.
  59. Static Binary Analysis And Transformation For Sandboxing Untrusted Plugins
    Prateek Saxena
    Master's Thesis (Stony Brook University) August, 2007.

    2006

  60. Address-Space Randomization for Windows Systems
    Lixin Li, Jim Just and R. Sekar
    Annual Computer Security Applications Conference (ACSAC) December, 2006.
  61. Provably Correct Runtime Enforcement of Non-Interference Properties
    V.N. Venkatakrishnan, Wei Xu, Daniel DuVarney and R. Sekar
    International Conference on Information and Communications Security (ICICS) December, 2006.
    (Supercedes Technical Report SECLAB-04-01, Stony Brook University, March, 2004.).
  62. On Supporting Active User Feedback in P3P
    V.N. Venkatakrishnan, Wei Xu and Rishi Kant Sharda
    Secure Knowledge Management Workshop (SKM) September, 2006.
  63. A Framework for Building Privacy-Conscious Composite Web Services
    Wei Xu, V.N. Venkatakrishnan, R. Sekar and I.V. Ramakrishnan
    IEEE International Conference on Web Services (ICWS) September, 2006.
    (Application Services and Industry Track).
  64. Taint-Enhanced Policy Enforcement: A Practical Approach to Defeat a Wide Range of Attacks
    Wei Xu, Sandeep Bhatkar and R. Sekar
    USENIX Security Symposium (USENIX Security) August, 2006.
    (An earlier version appeared as Technical Report SECLAB-05-06, November 2005. Also supercedes Technical Report SECLAB-05-05 A Unified Approach for Preventing Attacks Exploiting a Range of Software Vulnerabilities, August 2005, and Technical Report SECLAB-05-04 Practical dynamic taint analysis for countering input validation attacks on web applications, May 2005, [PDF]).
  65. MCC End-User Management Framework
    Secure Systems Lab
    Technical Report (TR) August, 2006.
    Technical Report SECLAB06-01, Secure Systems Laboratory, Stony Brook University.
  66. Dataflow Anomaly Detection
    Sandeep Bhatkar, Abhishek Chaturvedi and R. Sekar
    IEEE Symposium on Security and Privacy (IEEE S&P) May, 2006.
    (Supercedes Technical Report SECLAB-05-03 Improving Attack Detection in Host-Based IDS by Learning Properties of System Call Arguments, July 2005.).

    2005

  67. Automatic Generation of Buffer Overflow Attack Signatures: An Approach Based on Program Behavior Models
    Zhenkai Liang and R. Sekar
    Annual Computer Security Applications Conference (ACSAC) December, 2005.
    (Supercedes Technical Report SECLAB-05-01 An Immune System Inspired Approach for Protection from Repetitive Attacks, March 2005.).
  68. Fast and Automated Generation of Attack Signatures: A Basis for Building Self-Protecting Servers
    Zhenkai Liang and R. Sekar
    ACM Conference on Computer and Communications Security (CCS) November, 2005.
    (Supercedes Technical Report SECLAB-05-02 Automated, Sub-second Attack Signature Generation: A Basis for Building Self-Protecting Servers, May 2005.).
  69. Efficient Techniques for Comprehensive Protection from Memory Error Exploits
    Sandeep Bhatkar, R. Sekar and Daniel DuVarney
    USENIX Security Symposium (USENIX Security) August, 2005.
  70. V-NetLab: A Cost-Effective Platform to Support Course Projects in Computer Security
    Kumar Krishna, Weiqing Sun, Pratik Rana, Tianning Li and R. Sekar
    Annual Colloquium for Information Systems Security Education (CISSE) June, 2005.
  71. An Approach for Realizing Privacy-Preserving Web-Based Services (Poster)
    Wei Xu, R. Sekar, I.V. Ramakrishnan and V.N. Venkatakrishnan
    14th International World Wide Web Conference (WWW) May, 2005.
  72. A Secure Composition Framework for Trustworthy Personal Information Assistants
    V.N. Venkatakrishnan, Wei Xu, I.V. Ramakrishnan and R. Sekar
    IEEE International Conference on Integration of Knowledge Intensive Multi-Agent Systems (KIMAS) April, 2005.
  73. Automatic Synthesis of Filters to Discard Buffer Overflow Attacks: A Step Towards Realizing Self-Healing Systems (Short Paper)
    Zhenkai Liang, R. Sekar and Daniel DuVarney
    USENIX Annual Technical Conference (USENIX) April, 2005.
  74. One-way Isolation: An Effective Approach for Realizing Safe Execution Environments
    Weiqing Sun, Zhenkai Liang, V.N. Venkatakrishnan and R. Sekar
    ISOC Network and Distributed Systems Symposium (NDSS) February, 2005.
    (Revised version of conference paper).

    2004

  75. Using Predators to Combat Worms and Viruses: A Simulation-Based Study
    Ajay Gupta and Daniel DuVarney
    Annual Computer Security Applications Conference (ACSAC) December, 2004.
  76. An Efficient and Backwards-Compatible Transformation to Ensure Memory Safety of C Programs
    Wei Xu, Daniel DuVarney and R. Sekar
    ACM SIGSOFT International Symposium on the Foundations of Software Engineering (FSE) November, 2004.

    2003

  77. Isolated Program Execution: An Application Transparent Approach for Executing Untrusted Programs
    Zhenkai Liang, V.N. Venkatakrishnan and R. Sekar
    Annual Computer Security Applications Conference (ACSAC) December, 2003.
    Best paper award.
  78. Model-Carrying Code: A Practical Approach for Safe Execution of Untrusted Applications
    R. Sekar, V.N. Venkatakrishnan, Samik Basu, Sandeep Bhatkar and Daniel DuVarney
    ACM Symposium on Operating Systems Principles (SOSP) October, 2003.
  79. An Approach for Detecting Self-Propagating Email Using Anomaly Detection
    Ajay Gupta and R. Sekar
    Recent Advances in Intrusion Detection (RAID) September, 2003.
  80. SELF: a Transparent Security Extension for ELF Binaries
    Daniel DuVarney, V.N. Venkatakrishnan and Sandeep Bhatkar
    New Security Paradigms Workshop (NSPW) August, 2003.
  81. Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits
    Sandeep Bhatkar, Daniel DuVarney and R. Sekar
    USENIX Security Symposium (USENIX Security) August, 2003.
  82. Generation of All Counter-Examples for Push-Down Systems
    Samik Basu, Diptikalyan Saha, Yow-Jian Lin and Scott Smolka
    Formal Description Techniques for Distributed Systems and Communication Protocols (FORTE) June, 2003.

    2002

  83. An approach for Secure Software Installation
    V.N. Venkatakrishnan, R. Sekar, Sofia Tsipa, Tapan Kamat and Zhenkai Liang
    USENIX Large Installation System Administration Conference (LISA) November, 2002.
  84. Specification-based anomaly detection: a new approach for detecting network intrusions
    R. Sekar, Ajay Gupta, James Frullo, Tushar Shanbhag, Abhishek Tiwari, Henglin Yang and Sheng Zhou
    ACM Conference on Computer and Communications Security (CCS) October, 2002.
  85. Empowering mobile code using expressive security policies
    V.N. Venkatakrishnan, Ram Peri and R. Sekar
    New Security Paradigms Workshop (NSPW) September, 2002.
  86. Model-Based Analysis of Configuration Vulnerabilities
    C.R. Ramakrishnan and R. Sekar
    Journal of Computer Security (JCS) January, 2002.

    2001

  87. Experiences with Specification Based Intrusion Detection System
    Prem Uppuluri and R. Sekar
    Recent Advances in Intrusion Detection (RAID) October, 2001.
  88. Model-Carrying Code (MCC): A New Paradigm for Mobile-Code Security
    R. Sekar, C.R. Ramakrishnan, I.V. Ramakrishnan and Scott Smolka
    New Security Paradigms Workshop (NSPW) September, 2001.
  89. A Fast Automaton-Based~Method for Detecting Anomalous Program Behaviors
    R. Sekar, Mugdha Bendre, Pradeep Bollineni and Dinakar Dhurjati
    IEEE Symposium on Security and Privacy (IEEE S&P) May, 2001.

    2000

  90. Model-Based Analysis of Configuration Vulnerabilities
    C.R. Ramakrishnan and R. Sekar
    ACM CCS Workshop on Intrusion Detection Systems (WIDS) October, 2000.
  91. User-Level Infrastructure for System Call Interposition: A Platform for Intrusion Detection and Confinement
    Kapil Jain and R. Sekar
    ISOC Network and Distributed Systems Symposium (NDSS) February, 2000.
  92. Building Survivable Systems: An Integrated Approach based on Intrusion Detection and Damage Containment
    Thomas Bowen, Dana Chee, Mark Segal, R. Sekar, Tushar Shanbhag and Prem Uppuluri
    DISCEX (DISCEX) February, 2000.

    1999

  93. A High-Performance Network Intrusion Detection System
    R. Sekar, Guang Yang, Shobhit Verma and Tushar Shanbhag
    ACM Conference on Computer and Communications Security (CCS) November, 1999.
  94. Synthesizing Fast Intrusion Detection/Prevention Systems from High-Level Specifications
    R. Sekar and Prem Uppuluri
    USENIX Security Symposium (USENIX Security) August, 1999.
  95. On Preventing Intrusions by Process Behavior Monitoring
    R. Sekar, Thomas Bowen and Mark Segal
    USENIX Intrusion Detection Workshop () April, 1999.

    1998

  96. A Specification-Based Approach for Building Survivable Systems
    R. Sekar, Yong Cai and Mark Segal
    National Information Systems Security Conference (NISSC) October, 1998.
  97. Model-Based Vulnerability Analysis of Computer Systems
    C.R. Ramakrishnan and R. Sekar
    Verification, Model Checking, and Abstract Interpretation (VMCAI) September, 1998.
All Publications
By Year

By Area

Source-code analysis/transformation
Binary analysis/rewriting
Policy/Specification Languages
OS and Virtualization Techniques
Algorithms
Learning/anomaly detection
Formal methods/Foundations


By Problem

Randomization/Memory Errors
Information flow analysis
Automated Exploit Defenses
Virtual Network Lab
Safe execution/attack recovery
Automated signature generation
Malware/Untrusted code defense
Intrusion/Anomaly detection
Fast packet matching
Policy generation tools


Local Search



Home Contact NSI Computer Science Stony Brook University

Copyright © 1999-2013 Secure Systems Laboratory, Stony Brook University. All rights reserved.