Latest Publications
G. Kim, S. Hong, M. Franz, and D.K. Song; "Improving Cross-Platform Binary Analysis using Representation Learning via Graph Alignment;"' in ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2022), Seoul, South Korea; July 2022. (61 papers accepted out of 250 submissions = 25.6%)
P. Kirth, M. Dickerson, S. Crane, P. Larsen, A. Dabrowski, D. Gens, Y. Na, S. Volckaert, and M. Franz; "PKRU-Safe: Automatically Locking Down the Heap Between Safe and Unsafe Languages;" in EuroSys 2022, Rennes, France; April 2022. Best Paper Award (45 papers accepted out of 161 submissions = 27.6%)
C. Deshpande, D. Gens, and M. Franz; "StackBERT: Machine Learning Assisted Static Stack Frame Size Recovery On Stripped and Optimized Binaries;" in 14th ACM Workshop on Artificial Intelligence and Security (AISec 2021), Seoul, South Korea; November 2021.
A. Dabrowski, K. Pfeffer, M. Reichel, A. Mai, E. Weippl, and M. Franz; "Better Keep Cash in Your Boots – Hardware Wallets Are the New Single Point of Failure"' in 2021 ACM Workshop on Decentralized Finance and Security (DeFi21), Seoul, South Korea; November 2021.
K. Pfeffer, A. Mai, A. Dabrowski, M. Gusenbauer, P. Schindler, E. Weippl, M. Franz, and K. Krombholz; "On the Usability of Authenticity Checks for Hardware Security Tokens;" in USENIX Security 2021, Vancouver, British Columbia; August 2021 (248 papers accepted out of 1,319 submissions = 18.8%)
A. Voulimeneas, D. Song, P. Larsen, M. Franz, and S. Volckaert, "dMVX: Secure and Efficient Multi-Variant Execution in a Distributed Setting;" in 14th European Workshop on Systems Security (EuroSec 2021), Edinburgh, Scotland; April 2021.
P. Larsen and M. Franz; "Adoption Challenges of Code Randomization," in Proceedings of the 7th ACM Workshop on Moving Target Defense (MTD 2020); November 2020.
D. Song, F. Hetzelt, J. Kim, B. Kang, J. Seifert, and M. Franz; "Agamotto: Accelerating Kernel Driver Fuzzing with Lightweight Virtual Machine Checkpoints;" in USENIX Security 2020, Boston, Massachusetts; August 2020. (157 papers accepted out of 977 submissions = 16%)
Z. Kenjar, T. Frassetto, D. Gens, M. Franz, and A. Sadeghi; "V0LTpwn: Attacking x86 Processor Integrity from Software;" in USENIX Security 2020, Boston, Massachusetts; August 2020. (157 papers accepted out of 977 submissions = 16%)
P. Rajasekaran, S. Crane, D. Gens, Y. Na, S. Volckaert, and M. Franz; "CoDaRR : Continuous Data Space Randomization against Data-Only Attacks;" to appear in 15th ACM ASIA Conference on Computer and Communications Security (ACM ASIACCS 2020), Taipei, Taiwan; October 2020. (67 papers accepted out of 308 submissions = 22%)
A. Voulimeneas, D. Song, F. Parzefall, Y. Na, P. Larsen, M Franz, and S. Volckaert; "Distributed Heterogeneous N-Variant Execution;" in 17th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA 2020), Lisbon, Portugal; June 2020. (13 papers accepted out of 45 submissions = 28.9%)
A. Altinay, J. Nash, T. Kroes, P. Rajasekaran, D. Zhou, A. Dabrowski, D. Gens, Y. Na, S. Volckaert, C. Giuffrida, H. Bos, and M. Franz ;"BinRec: Dynamic Binary Lifting and Recompilation — The Best Thing Since Sliced Binaries;" in EuroSys 2020, Heraklion, Greece; April 2020. (43 papers accepted out of 234 submissions = 18%)
T. Park, K. Dhondt, D. Gens, Y. Na, S. Volckaert, and M. Franz; "NoJITsu: Locking Down JavaScript Engines;" in 2020 Network and Distributed Systems Security Symposium (NDSS 2020), San Diego, California; February 2020. (88 papers accepted out of 506 submissions = 17%)
B. Belleville, W. Shen, S. Volckaert, A.M. Azab, and M. Franz; "KALD: Detecting Direct Pointer Disclosure Vulnerabilities;" IEEE Transactions on Dependable and Secure Computing (TDSC); 2019.
D.K. Song, J. Lettner, P. Rajasekaran, Y. Na, S. Volckaert, P. Larsen, and M. Franz; "SoK: Sanitizing for Security;" in 40th IEEE Symposium on Security and Privacy (IEEE S&P 2019), San Francisco, California; May 2019. (84 papers accepted out of 673 submissions + 10 revised paper from the previous year = 12.5%)
D.K. Song, F. Hetzelt, D. Das, Ch. Spensky, Y. Na, S. Volckaert, G. Vigna, Ch. Kruegel, J.-P. Seifert, and M. Franz; "PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary;" in 2019 Network and Distributed Systems Security Symposium (NDSS 2019), San Diego, California; February 2019. (89 papers accepted out of 521 submissions = 17%)
T. Kroes, A. Altinay, J. Nash, Y. Na, S. Volckaert, H. Bos, M. Franz, and Ch. Giuffrida; "BinRec: Attack Surface Reduction Through Dynamic Binary Recovery;" in 2018 Workshop on Forming an Ecosystem Around Software Transformation (FEAST '18), Toronto, Canada; October 2018.
B. Belleville, H. Moon, J. Shin, D. Hwang, J.M. Nash, S. Jung, Y. Na, S. Volckaert, P. Larsen, Y. Paek, and M. Franz; "Hardware Assisted Randomization of Data;" in 21st International Symposium on Research in Attacks, Intrusions, and Defenses (RAID 2018), Heraklion, Crete, Greece; September 2018. (33 papers accepted out of 145 submissions = 23%)
J. Lettner, D.K. Song, T. Park, S. Volckaert, P. Larsen, and M. Franz; "PartiSan: Fast and Flexible Sanitization via Run-time Partitioning;" in 21st International Symposium on Research in Attacks, Intrusions, and Defenses (RAID 2018), Heraklion, Crete, Greece; September 2018. (33 papers accepted out of 145 submissions = 23%)
M. Qunaibit, S. Brunthaler, Y. Na, S. Volckaert and M. Franz; "Accelerating Dynamically-Typed Languages on Heterogeneous Platforms Using Guards Optimization;" in 2018 European Conference on Object-Oriented Programming (ECOOP 2018); Amsterdam, Netherlands; July 2018. (26 papers accepted out of 66 submissions = 39%)
T. Park, J. Lettner, Y. Na, S. Volckaert and M. Franz; "Bytecode Corruption Attacks Are Real—And How To Defend Against Them;" in 15th International Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2018), Paris, France; June 2018. (18 papers accepted out of 59 submissions = 30%)
M. Franz; "Making Multivariant Programming Practical and Inexpensive;" in IEEE Security and Privacy, Vol. 16, No. 3, pp. 90-94; May 2018.
S. Crane, A. Homescu, P. Larsen, H. Okhravi, and M. Franz; "Diversity and Information Leaks;" in P. Larsen and A.-R. Sadeghi (Eds.), The Continuing Arms Race: Code-Reuse Attacks and Defenses, ACM Books, Vol. 18, Morgan & Claypool Publishers, ISBN 978-1-97000-183-9, pp. 61-81; 2018. doi:10.1145/3129743.3129747
P. Biswas, A. Di Federico, S.A. Carr, P. Rajasekaran, S. Volckaert, Y. Na, M. Franz, and M. Payer; "Venerable Variadic Vulnerabilities Vanquished;" in USENIX Security 2017, Vancouver, British Columbia; August 2017. (85 papers accepted out of 522 submissions = 16%)
S. Volckaert, B. Coppens, B. De Sutter, K. De Bosschere, P. Larsen, and M. Franz; "Taming Parallelism in a Multi-Variant Execution Environment;" in EuroSys 2017, Belgrade, Serbia, pp. 270-285; April 2017. doi:10.1145/3064176.3064178 (41 papers accepted out of 182 valid submissions = 22%)
N. Burow, S.C. Carr, J. Nash, P. Larsen, M. Franz, S. Brunthaler, and M. Payer; "Control-Flow Integrity P3: Protection, Precision, and Performance," in ACM Computing Surveys (CSUR), Vol. 50, No. 1, Article No. 16; April 2017. doi:10.1145/3054924
R. Rudd, R. Skowyra, D. Bigelow, V. Dedhia, Th. Hobson, S. Crane, Ch. Liebchen, P. Larsen, L. Davi, M. Franz, A.-R. Sadeghi, and H. Okhravi; "Address Oblivious Code Reuse: On the Effectiveness of Leakage Resilient Diversity;" in 2017 Network and Distributed System Security Symposium (NDSS 2017), San Diego, California; February/March 2017. (68 papers accepted out of 423 submissions = 16%)
S. Volckaert, B. Coppens, A. Voulimeneas, A. Homescu, P. Larsen, B. De Sutter, and M. Franz; "Secure and Efficient Application Monitoring and Replication;" in 2016 USENIX Annual Technical Conference (ATC 2016), Denver, Colorado; June 2016. (47 papers accepted out of 266 submissions = 17.6%)
J. Lettner, B. Kollenda, A. Homescu, P. Larsen, F. Schuster, L. Davi, A.-R. Sadeghi, T. Holz, and M. Franz; "Subversive-C: Abusing and Protecting Dynamic Message Dispatch;" in 2016 USENIX Annual Technical Conference (ATC 2016), Denver, Colorado; June 2016. (47 papers accepted out of 266 submissions = 17.6%)
G. Wagner, P. Larsen, S. Brunthaler, and M. Franz; "Thinking Inside the Box: Compartmentalized Garbage Collection;" in ACM Transactions on Programming Languages and Systems (TOPLAS), Vol. 38, No. 3, Article No. 9; May 2016.
K. Braden, S. Crane, L. Davi, M. Franz, P. Larsen, Ch. Liebchen, and A.-R. Sadeghi; "Leakage-Resilient Layout Randomization for Mobile Devices;" in 2016 Network and Distributed System Security Symposium (NDSS 2016),San Diego, California; February 2016. (60 papers accepted out of 389 submissions = 15.4%)
P. Larsen, S. Brunthaler, L. Davi, A.-R. Sadeghi, and M. Franz; Automated Software Diversity; Morgan & Claypool, San Rafael, California, ISBN 978-1-6270-5734-9 (paperback), ISBN 978-1-6270-5755-4 (ebook); December 2015.
S. Crane, S. Volckaert, F. Schuster, Ch. Liebchen, P. Larsen, L. Davi, A.-R. Sadeghi, T. Holz, B. De Sutter, and M Franz; "It's a TRAP: Table Randomization and Protection against Function Reuse Attacks;" in 22nd ACM Conference on Computer and Communications Security (CCS 2015), Denver, Colorado; October 2015. (128 papers accepted out of 646 submissions = 19.4%)
M. Conti, S. Crane, L. Davi, M. Franz, P. Larsen, Ch. Liebchen, M. Negro, M. Qunaibit, and A.-R. Sadeghi; "Losing Control: On the Effectiveness of Control-Flow Integrity under Stack Attacks;" in 22nd ACM Conference on Computer and Communications Security (CCS 2015), Denver, Colorado; October 2015. (128 papers accepted out of 646 submissions = 19.4%)
G. Savrun-Yeniceri, M. L. Van de Vanter, P. Larsen, S. Brunthaler, and M. Franz; "Efficient and Generic Event-based Profiler Framework for Dynamic Languages;" in 2015 International Conference on Principles and Practices of Programming on the Java platform: Virtual machines, Languages, and Tools (PPPJ'15), Melbourne, Florida; September 2015.
C. Stancu, Ch. Wimmer, S. Brunthaler, P. Larsen, and M. Franz; "Safe and Efficient Hybrid Memory Management for Java;" in International Symposium on Memory Management 2015 (ISMM'15), Portland, Oregon; June 2015.
A. Homescu, T. Jackson, S. Crane, S. Brunthaler, P. Larsen, and M. Franz; "Large-scale Automated Software Diversity–Program Evolution Redux;" accepted to appear in IEEE Transactions on Dependable and Secure Computing (TDSC), 2015.
S. Crane, Ch. Liebchen, A. Homescu, L. Davi, P. Larsen, A.-R. Sadeghi, S. Brunthaler, and M Franz; "Readactor: Practical Code Randomization Resilient to Memory Disclosure;" in 36th IEEE Symposium on Security and Privacy, San Jose, California; May 2015. (55 papers accepted out of 407 submissions = 13.5%)
P. Larsen, A. Homescu, S. Brunthaler, and M. Franz; "Automatic Software Diversity;" in IEEE Security and Privacy, Vol. 13, No. 2, pp. 30-37; March 2015.
S. Crane, A. Homescu, S. Brunthaler, P. Larsen, and M. Franz; "Thwarting Cache Side-Channel Attacks Through Dynamic Software Diversity;" in 2015 Network and Distributed System Security Symposium (NDSS 2015), San Diego, California; February 2015. (51 papers accepted out of 302 submissions = 16.9%)
V. Mohan, P. Larsen, S. Brunthaler, K. Hamlen, and M. Franz;" Opaque Control Flow Integrity" in 2015 Network and Distributed System Security Symposium (NDSS 2015), San Diego, California; February 2015. (51 papers accepted out of 302 submissions = 16.9%)
M. Murphy, P. Larsen, S. Brunthaler, and M. Franz; "Software Profiling Options and Their Effects on Security Based Code Diversification;" in First ACM Workshop on Moving Target Defense (MTD 2014), Scottsdale, Arizona; November 2014.
W. Zhang, P. Larsen, S. Brunthaler, and M. Franz; "Accelerating Iterators in Optimizing AST Interpreters;'' in 2014 ACM International Conference on Object Oriented Programming Systems Languages & Applications (OOPSLA 2014), Portland, Oregon, pp. 727-743; October 2014. (52 papers accepted out of 186 submissions = 28%)
C. Stancu, Ch. Wimmer, S. Brunthaler, P. Larsen, and M. Franz; "Comparing Points-to Static Analysis with Runtime Recorded Profiling Data;" in 2014 International Conference on Principles and Practices of Programming on the Java platform: Virtual machines, Languages, and Tools (PPPJ 2014), Cracow, Poland, pp. 157-168; September 2014.
P. Larsen, A. Homescu, S. Brunthaler, and M. Franz; "SoK: Automated Software Diversity;" in 35th IEEE Symposium on Security and Privacy, San Jose, California, pp. 276-291; May 2014.
(44 papers accepted out of 334 submissions = 13%)
P. Larsen, S. Brunthaler, and M. Franz; "Security through Diversity: Are We There Yet?," in IEEE Security and Privacy, Vol. 12, No. 2, pp. 28-35; March 2014.
G. Savrun-Yeniceri, W. Zhang, H. Zhang, E. Seckler, C. Li, S. Brunthaler, P. Larsen, and M. Franz; "Efficient Hosted Interpreters on the JVM;" in ACM Transactions on Architecture and Code Optimization (TACO), Vol. 11, No. 1, Article No. 9; February 2014.
Ch. Kerschbaumer, E. Hennigan, P. Larsen, S. Brunthaler, and M. Franz; "Information Flow Tracking meets Just-In-Time Compilation;" in 9th International Conference on High-Performance and Embedded Architectures and Compilers (HiPEAC 2014), Vienna, Austria, January 2014.
Ch. Kerschbaumer, E. Hennigan, P. Larsen, S. Brunthaler, and M. Franz; "Information Flow Tracking meets Just-In-Time Compilation;" in ACM Transactions on Architecture and Code Optimization (TACO), Vol. 10, No 4, Article No. 38; December 2013.
Ch. Kerschbaumer, E. Hennigan, P. Larsen, S. Brunthaler, and M. Franz; "CrowdFlow: Efficient Information Flow Security;" accepted for publication in 16th Information Security Conference (ISC 2013), Dallas, Texas; November 2013. (70 submissions, 16 accepted = 23% acceptance rate plus 14 short papers)
A. Homescu, P. Larsen, S. Brunthaler, and M. Franz; "librando: Transparent Code Randomization for Just-in-Time Compilers;" in 20th ACM Conference on Computer and Communications Security (CCS 2013), Berlin, Germany; November 2013. (105 papers accepted out of 530 submissions = 19.8%)
G. Savrun-Yeniceri, W. Zhang, H. Zhang, C. Li, P. Larsen, S. Brunthaler, and M. Franz; "Efficient Interpreter Optimizations for the JVM;" in 2013 International Conference on the Principles and Practice of Programming on the Java Platform: Virtual Machines, Languages, and Tools (PPPJ'13), Stuttgart, Germany; September 2013.
S. Crane, P. Larsen, S. Brunthaler, and M. Franz; "Booby Trapping Software;" in 2013 New Security Paradigms Workshop (NSPW 2013), Banff, Canada; September 2013.
E. Hennigan, Ch. Kerschbaumer, P. Larsen, S. Brunthaler, and M. Franz; "First-Class Labels: Using Information Flow to Debug Security Holes;" in M. Huth, N. Asokan, S. Capkun, I. Flechais, and L. Coles-Kemp (Eds.), Trust and Trustworthy Computing, 6th International Conference (TRUST 2013), London, United Kingdom, Springer Lecture Notes in Computer Science, Vol. 7904, ISBN 978-3-642-38907-8, pp. 151–168; June 2013.
Ch. Kerschbaumer, E. Hennigan, P. Larsen, S. Brunthaler, and M. Franz; "Towards Precise and Efficient Information Flow Control in Web Browsers;" in M. Huth, N. Asokan, S. Capkun, I Flechais, and L. Coles-Kemp (Eds.), Trust and Trustworthy Computing, 6th International Conference (TRUST 2013), London, United Kingdom, Springer Lecture Notes in Computer Science, Vol. 7904, ISBN 978-3-642-38907-8, pp. 187–195; June 2013.
T. Jackson, A. Homescu, S. Crane, P. Larsen, S. Brunthaler, and M. Franz; "Diversifying the Software Stack Using Randomized NOP Insertion;" in S. Jajodia, A K Ghosh, V. S. Subrahmanian, V Swarup, C. Wang, X. S. Wang (Eds.),Moving Target Defense II: Application of Game Theory and Adversarial Modeling, Springer Advances in Information Security, Vol. 100, ISBN 978-1-4614-5415-1, pp. 151-174; 2013.
A. Homescu, S. Neisius, P. Larsen, S. Brunthaler, and M. Franz; "Profile-guided Automated Software Diversity,"' in 2013 International Symposium on Code Generation and Optimization (CGO 2013), Shenzhen, China; February 2013. (33 papers accepted out of 117 submissions = 28%)
A. Homescu, M. Stewart, P. Larsen, S. Brunthaler, and M. Franz; "Microgadgets: Size Does Matter In Turing-complete Return-oriented Programming,'" in 6th USENIX Workshop on Offensive Technologies (WOOT '12), Bellevue, Washington; August 2012.
Ch. Wimmer, S. Brunthaler, P. Larsen, and M. Franz; "Fine-Grained Modularity and Reuse of Virtual Machine Components;" in 11th Annual International Conference on Aspect-Oriented Software Development (AOSD '12), Potsdam, Germany, ACM Press, ISBN 978-1-4503-1092-5, pp. 203-214; March 2012.
G. Wagner, A. Gal, and M. Franz; “Slimming a Java Virtual Machine by way of Cold Code Removal and Optimistic Partial Program Loading;” in Science of Computer Programming, Vol. 76, No. 11, pp. 1037-1053; November 2011.
M. Chang, B. Mathiske, E. Smith, A. Chaudhuri, M. Bebenita, A Gal, Ch. Wimmer, and M Franz; "The Impact of Optional Type Information on JIT Compilation Of Dynamically Typed Languages" in 7th Dynamic Languages Symposium (DLS 2011), Portland, Oregon, ACM Press, ISBN 978-1-4503-0939-4, pp. 13-24; October 2011.
T. Jackson, B. Salamat, A. Homescu, K. Manivannan, G. Wagner, A. Gal, S. Brunthaler, Ch. Wimmer, and M. Franz; “Compiler-Generated Software Diversity;” in S. Jajodia, A.K. Ghosh, V. Swarup, C. Wang, and X.S. Wang (Eds.), Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats; Springer, ISBN 978-1-4614-0976-2; September 2011.
G. Wagner, A. Gal, Ch. Wimmer, B. Eich and M. Franz; "Compartmental Memory Management in a Modern Web Browser;" in International Symposium on Memory Management (ISMM 2011), San Jose, California; June 2011.
B. Salamat, T. Jackson, G. Wagner, Ch. Wimmer, and M. Franz: "Run-Time Defense against Code Injection Attacks using Replicated Execution ;" In IEEE Transactions on Dependable and Secure Computing. IEEE Computer Society, 2011. |