Cristiano Giuffrida

Image of Cristiano Giuffrida

Assistant Professor

Email address:

Phone:

+31 20 598 4259

Fax:

+31 20 598 7653

Mailing address:

Cristiano Giuffrida
Faculty of Science
Dept of Computer Science
VU University Amsterdam
De Boelelaan 1081A
1081 HV, Amsterdam
The Netherlands

Office:

De Boelelaan 1081
Room R4.20

 

Research

  • I am an assistant professor in Systems Security and Reliability at the VU Amsterdam. I am a member of VUSec, working in close collaboration with Prof. Herbert Bos. I received my PhD from the VU Amsterdam in 2014, under the supervision of Prof. Andrew S. Tanenbaum. I was awarded the Roger Needham Award at EuroSys for the best PhD thesis in Computer Systems in Europe and the Dennis M. Ritchie Award at SOSP for the best PhD thesis in Computer Systems worldwide in 2015.

    My research interests span across several aspects of systems, with a strong focus on systems security and reliability.
    I am currently active in a number of systems areas, ranging from live update, automatic error recovery, and software testing to memory error containment, side channels, and hardware vulnerabilities.

New web page

Publications

  • Conference and Workshop Papers

    • ASLR on the Line: Practical Cache Attacks on the MMU
      Ben Gras, Kaveh Razavi, Erik Bosman, Herbert Bos, and Cristiano Giuffrida
      In Proceeding of the Network and Distributed System Security Symposium (NDSS '17)
      February 26 - March 1, 2017, San Diego, CA, USA
      [PDF]
    • VUzzer: Application-aware Evolutionary Fuzzing
      Sanjay Rawat, Vivek Jain, Ashish Kumar, Lucian Cojocar, Cristiano Giuffrida, and Herbert Bos
      In Proceeding of the Network and Distributed System Security Symposium (NDSS '17)
      February 26 - March 1, 2017, San Diego, CA, USA
      [PDF]
    • SafeInit: Comprehensive and Practical Mitigation of Uninitialized Read Vulnerabilities
      Alyssa Milburn, Herbert Bos, and Cristiano Giuffrida
      In Proceeding of the Network and Distributed System Security Symposium (NDSS '17)
      February 26 - March 1, 2017, San Diego, CA, USA
      [PDF]
    • MARX: Uncovering Class Hierarchies in C++ Programs
      Andre Pawlowski, Moritz Contag, Victor van der Veen, Chris Ouwehand, Thorsten Holz, Herbert Bos, Elias Athanasopoulos, and Cristiano Giuffrida
      In Proceeding of the Network and Distributed System Security Symposium (NDSS '17)
      February 26 - March 1, 2017, San Diego, CA, USA
      [PDF]
    • CodeArmor: Virtualizing the Code Space to Counter Disclosure Attacks
      Xi Chen, Herbert Bos, and Cristiano Giuffrida
      In Proceeding of the 2nd IEEE European Symposium on Security and Privacy (EuroS&P '17)
      April 26-28, 2017, Paris, France
      [PDF]
    • A NEaT Design for Reliable and Scalable Network Stacks
      Tomas Hruby, Cristiano Giuffrida, Lionel Sambuc, Herbert Bos, and Andrew S. Tanenbaum
      In Proceeding of the 12th International Conference on emerging Networking EXperiments and Technologies (CoNext '16)
      December 12-15, 2016, Irvine, CA, USA
      [PDF]
    • VTPin: Practical VTable Hijacking Protection for Binaries
      Pawel Sarbinowski, Vasileios P. Kemerlis, Cristiano Giuffrida, and Elias Athanasopoulos
      In Proceeding of the Annual Computer Security Applications Conference (ACSAC '16)
      December 5-9, 2016, Los Angeles, CA, USA
      [PDF]
    • Drammer: Deterministic Rowhammer Attacks on Mobile Platforms
      Victor van der Veen, Yanick Fratantonio, Martina Lindorfer, Daniel Gruss, Clementine Maurice, Giovanni Vigna, Herbert Bos, Kaveh Razavi, and Cristiano Giuffrida
      In Proceeding of the 23rd ACM Conference on Computer and Communications Security (CCS '16)
      October 24-28, 2016, Vienna, Austria
      [PDF]
    • TypeSan: Practical Type Confusion Detection
      Istvan Haller, Yuseok Jeon, Hui Peng, Mathias Payer, Cristiano Giuffrida, Herbert Bos, and Erik van der Kouwe
      In Proceeding of the 23rd ACM Conference on Computer and Communications Security (CCS '16)
      October 24-28, 2016, Vienna, Austria
      [PDF]
    • Undermining Information Hiding (And What to do About it)
      Enes Goktas, Robert Gawlik, Benjamin Kollenda, Elias Athanasopoulos, Georgios Portokalidis, Cristiano Giuffrida, and Herbert Bos
      In Proceeding of the 25th USENIX Security Symposium (USENIX Sec '16)
      August 10-12, 2016, Austin, TX, USA
      [PDF]
    • Flip Feng Shui: Hammering a Needle in the Software Stack
      Kaveh Razavi, Ben Gras, Erik Bosman, Bart Preneel, Cristiano Giuffrida, and Herbert Bos
      In Proceeding of the 25th USENIX Security Symposium (USENIX Sec '16)
      August 10-12, 2016, Austin, TX, USA
      [PDF]
    • Poking Holes in Information Hiding
      Angelos Oikonomopoulos, Elias Athanasopoulos, Herbert Bos, and Cristiano Giuffrida
      In Proceeding of the 25th USENIX Security Symposium (USENIX Sec '16)
      August 10-12, 2016, Austin, TX, USA
      [PDF]
    • Peeking into the Past: Efficient Checkpoint-assisted Time-traveling Debugging
      Armando Miraglia, Dirk Vogt, Herbert Bos, Andrew S. Tanenbaum, and Cristiano Giuffrida
      In Proceeding of the 27th International Symposium on Software Reliability Engineering (ISSRE '16)
      October 23-27, 2016, Ottawa, Canada
      [PDF]
    • Dedup Est Machina: Memory Deduplication as an Advanced Exploitation Vector
      Erik Bosman, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida
      In Proceeding of the 37th IEEE Symposium on Security and Privacy (S&P '16)
      May 23-25, 2016, San Jose, CA, USA
      Awarded the Pwnie Award for Most Innovative Research at Black Hat USA!
      [PDF]
    • A Tough call: Mitigating Advanced Code-Reuse Attacks at the Binary Level
      Victor van der Veen, Enes Goktas, Moritz Contag, Andre Pawlowski, Xi Chen, Sanjay Rawat, Herbert Bos, Thorsten Holz, Elias Athanasopoulos, and Cristiano Giuffrida
      In Proceeding of the 37th IEEE Symposium on Security and Privacy (S&P '16)
      May 23-25, 2016, San Jose, CA, USA
      [PDF]
    • Secure and Efficient Multi-variant Execution Using Hardware-assisted Process Virtualization
      Koen Koning, Herbert Bos, and Cristiano Giuffrida
      In Proceedings of the 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN '16)
      June 28-July 01, 2016, Toulouse, France
      [PDF]
    • OSIRIS: Efficient and Consistent Recovery of Compartmentalized Operating Systems
      Koustubha Bhat, Dirk Vogt, Erik van der Kouwe, Ben Gras, Lionel Sambuc, Andrew S. Tanenbaum, Herbert Bos, and Cristiano Giuffrida
      In Proceedings of the 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN '16)
      June 28-July 01, 2016, Toulouse, France
      [PDF]
    • METAlloc: Efficient and Comprehensive Metadata Management for Software Security Hardening
      Istvan Haller, Erik van der Kouwe, Cristiano Giuffrida, and Herbert Bos
      In Proceeding of the European Workshop on System Security (EuroSec '16)
      April 18, 2016, London, UK
      [PDF]
    • On the Effectiveness of Sensor-enhanced Keystroke Dynamics Against Statistical Attacks
      Valeriu - Daniel Stanciu, Riccardo Spolaor, Mauro Conti, and Cristiano Giuffrida
      In Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy (CODASPY '16)
      March 9-11, New Orleans, LA, USA
      [PDF]
    • Slick: An Intrusion Detection System for Virtualized Storage Devices
      Andrei Bacs, Cristiano Giuffrida, Bernhard Grill, and Herbert Bos
      In Proceedings of the 31st ACM/SIGAPP Symposium on Applied Computing (SAC '16)
      April 4-8, 2016, Pisa, Italy
      [PDF]
    • Practical Context-sensitive CFI
      Victor van der Veen, Dennis Andriesse, Enes Goktas, Ben Gras, Lionel Sambuc, Asia Slowinska, Herbert Bos, Cristiano Giuffrida
      In Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS '15)
      October 12-16, 2015, Denver, Colorado, USA
      [PDF] [Citations]
    • Speculative Memory Checkpointing
      Dirk Vogt, Armando Miraglia, Georgios Portokalidis, Herbert Bos, Andrew S. Tanenbaum, and Cristiano Giuffrida
      In Proceedings of the ACM/IFIP/USENIX Middleware Conference (Middleware '15)
      December 7-11, 2015, Vancouver, Canada
      [PDF]
    • Lightweight Memory Checkpointing
      Dirk Vogt, Cristiano Giuffrida, Herbert Bos, and Andrew S. Tanenbaum
      In Proceedings of the 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN '15)
      June 22-25, 2015, Rio de Janeiro, Brazil
      [PDF] [Citations]
    • StackArmor: Comprehensive Protection From Stack-based Memory Error Vulnerabilities for Binaries
      Xi Chen, Asia Slowinska, Dennis Andriesse, Herbert Bos, and Cristiano Giuffrida
      In Proceedings of the Network and Distributed System Security Symposium (NDSS '15)
      February 8-11, 2015, San Diego, CA, USA
      [PDF] [Citations]
    • A Methodology to Efficiently Compare Operating System Stability
      Erik van der Kouwe, Cristiano Giuffrida, Razvan Ghitulete, and Andrew S. Tanenbaum
      In Proceedings of the 16th IEEE International Symposium on High-Assurance Systems Engineering (HASE '15)
      January 8-10, 2015, Daytona Beach, FL, USA
      [PDF]
    • Mutable Checkpoint-Restart: Automating Live Update for Generic Server Programs
      Cristiano Giuffrida, Calin Iorgulescu, and Andrew S. Tanenbaum
      In Proceedings of the ACM/IFIP/USENIX Middleware Conference (Middleware '14)
      December 8-12, 2014, Bordeaux, France
      [PDF] [Talk] [Citations]
    • I Sensed It Was You: Authenticating Mobile Users with Sensor-enhanced Keystroke Dynamics
      Cristiano Giuffrida, Kamil Majdanik, Mauro Conti, and Herbert Bos
      In Proceedings of the 11th Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA '14)
      July 10-11, 2014, Egham, UK
      [PDF] [Talk] [Citations]
    • On the Soundness of Silence: Investigating Silent Failures Using Fault Injection Experiments
      Erik van der Kouwe, Cristiano Giuffrida, and Andrew S. Tanenbaum
      In Proceedings of the Tenth European Dependable Computing Conference (EDCC '14)
      May 13-16, 2014, Newcastle upon Tyne, UK
      [PDF]
    • Evaluating Distortion in Fault Injection Experiments
      Erik van der Kouwe, Cristiano Giuffrida, and Andrew S. Tanenbaum
      In Proceedings of the 15th IEEE International Symposium on High-Assurance Systems Engineering (HASE '14)
      January 9-11, 2014, Miami, FL, USA
      Awarded Best Paper!
      [PDF] [Citations]
    • EDFI: A Dependable Fault Injection Tool for Dependability Benchmarking Experiments
      Cristiano Giuffrida, Anton Kuijsten, and Andrew S. Tanenbaum
      In Proceedings of the Pacific Rim International Symposium on Dependable Computing (PRDC '13)
      December 2-4, 2013, Vancouver, BC, Canada
      [PDF] [Talk] [Citations]
    • Techniques for Efficient In-Memory Checkpointing
      Dirk Vogt, Cristiano Giuffrida, Herbert Bos, and Andrew S. Tanenbaum
      In Proceedings of the Ninth Workshop on Hot Topics in System Dependability (HotDep '13)
      November 3, 2013, Nemacolin Woodlands Resort, PA, USA
      [PDF] [Talk] [Citations]
    • Back to the Future: Fault-tolerant Live Update with Time-traveling State Transfer
      Cristiano Giuffrida, Calin Iorgulescu, Anton Kuijsten, and Andrew S. Tanenbaum
      In Proceedings of the 27th USENIX Large Installation System Administration Conference (LISA '13)
      November 3-8, 2013, Washington, D.C., USA
      Awarded Best Student Paper!
      [PDF] [Talk] [Citations]
    • Practical Automated Vulnerability Monitoring Using Program State Invariants
      Cristiano Giuffrida, Lorenzo Cavallaro, and Andrew S. Tanenbaum
      In Proceedings of the 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN '13)
      June 24-27, 2013, Budapest, Hungary
      [PDF] [Talk] [Citations]
    • Safe and Automatic Live Update for Operating Systems
      Cristiano Giuffrida, Anton Kuijsten, and Andrew S. Tanenbaum
      In Proceedings of the 18th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS '13)
      March 16-20, 2013, Houston, TX, USA
      [PDF] [Talk] [Citations]
    • Enhanced Operating System Security Through Efficient and Fine-grained Address Space Randomization
      Cristiano Giuffrida, Anton Kuijsten, and Andrew S. Tanenbaum
      In Proceedings of the 21st USENIX Security Symposium (USENIX Security '12)
      August 8-10, 2012, Bellevue, WA, USA
      [PDF] [Talk] [Citations]
    • Safe and Automated State Transfer for Secure and Reliable Live Update
      Cristiano Giuffrida and Andrew S. Tanenbaum
      In Proceedings of the Fourth International Workshop on Hot Topics in Software Upgrades (HotSWUp '12)
      June 3, 2012, Zurich, Switzerland
      [PDF] [Talk] [Citations]
    • Memoirs of a Browser: A Cross-browser Detection Model for Privacy-breaching Extensions
      Cristiano Giuffrida, Stefano Ortolani, and Bruno Crispo
      In Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2012)
      May 1-3, 2012, Seoul, South Korea
      [PDF] [Talk]
    • KLIMAX: Profiling Memory Write Patterns to Detect Keystroke-Harvesting Malware
      Stefano Ortolani, Cristiano Giuffrida, and Bruno Crispo
      In Proceedings of the 14th International Symposium on Recent Advances in Intrusion Detection (RAID 2011)
      September 20-21, 2011, Menlo Park, CA, USA
      [PDF] [Talk] [Citations]
    • We Crashed, Now What?
      Cristiano Giuffrida, Lorenzo Cavallaro, and Andrew S. Tanenbaum
      In Proceedings of the Sixth Workshop on Hot Topics in System Dependability (HotDep '10)
      October 3, 2010, Vancouver, BC, Canada
      [PDF] [Talk] [Citations]
    • Bait your Hook: a Novel Detection Technique for Keyloggers
      Stefano Ortolani, Cristiano Giuffrida, and Bruno Crispo
      In Proceedings of the 13th International Symposium on Recent Advances in Intrusion Detection (RAID 2010)
      September 15-17, 2010, Ottawa, Canada
      [PDF] [Talk] [Citations]
    • A Taxonomy of Live Updates
      Cristiano Giuffrida and Andrew S. Tanenbaum
      In Proceedings of the 16th Annual Conference of the Advanced School for Computing and Imaging (ASCI 2010)
      November 1-3, 2010, Veldhoven, The Netherlands
      [PDF] [Talk] [Citations]
    • A Gossip-based Churn Estimator for Large Dynamic Networks
      Cristiano Giuffrida and Stefano Ortolani
      In Proceedings of the 16th Annual Conference of the Advanced School for Computing and Imaging (ASCI 2010)
      November 1-3, 2010, Veldhoven, The Netherlands
      [PDF] [Talk] [Citations]
    • Cooperative Update: a New Model for Dependable Live Update
      Cristiano Giuffrida and Andrew S. Tanenbaum
      In Proceedings of the Second International Workshop on Hot Topics in Software Upgrades (HotSWUp '09)
      October 25, 2009, Orlando, FL, USA
      [PDF] [Talk] [Citations]
  • Journal Papers

    • Automating Live Update for Generic Server Programs
      Cristiano Giuffrida, Calin Iorgulescu, and Andrew S. Tanenbaum
      In IEEE Transactions in Software Engineering
      2016
      [PDF]
    • Finding Fault with Fault Injection: An Empirical Exploration of Distortion in Fault Injection Experiments
      Erik van der Kouwe, Cristiano Giuffrida, and Andrew S. Tanenbaum
      In Software Quality Journal
      Volume 23, November 2014
      [Link]
    • Unprivileged Black-box Detection of User-space Keyloggers
      Stefano Ortolani, Cristiano Giuffrida, and Bruno Crispo
      In IEEE Transactions on Dependable and Secure Computing (TDSC)
      Volume 10, Issue 1, January 2013
      [PDF] [Citations]
    • A Heuristic Approach to Author Name Disambiguation in Bibliometrics Databases for Large-scale Research Assessments
      Ciriaco Andrea D'Angelo, Cristiano Giuffrida, Giovanni Abramo
      In Journal of the American Society for Information Science and Technology
      Volume 62 Issue 2, February 2011
      [Link] [Citations]
  • Posters

    • Profiling Memory Usage Patterns for Keylogging Detection with KLIMAX
      Stefano Ortolani, Cristiano Giuffrida, and Bruno Crispo
      Presented at the 8th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA '11)
      July 7-8, 2011, Amsterdam, The Netherlands
      [PDF] [Abstract]
    • It Wasn't My Fault: Understanding OS Fault Propagation Via Delta Execution
      Cristiano Giuffrida, Lorenzo Cavallaro, and Andrew S. Tanenbaum
      Presented at the 9th USENIX Symposium on Operating Systems Design and Implementation (OSDI '10)
      October 4-6, 2010, Vancouver, BC, Canada
      [PDF] [Abstract]
    • Fine-grained OS Behavior Characterization
      Lorenzo Cavallaro, Cristiano Giuffrida, and Andrew S. Tanenbaum
      Presented at the 9th USENIX Symposium on Operating Systems Design and Implementation (OSDI '10)
      October 4-6, 2010, Vancouver, BC, Canada
      [PDF] [Abstract]
  • Magazines

    • Binary Code Rejuvenation: Applications and Challenges
      Angelos Oikonomopoulos, Cristiano Giuffrida, Sanjay Rawat, and Herbert Bos
      IEEE Security and Privacy
      January 2016
      [PDF]
    • MINIX 3: Status Report and Current Research
      Andrew Tanenbaum, Raja Appuswamy, Herbert Bos, Lorenzo Cavallaro, Cristiano Giuffrida, Tomas Hruby, Jorrit Herder, Erik van der Kouwe, and David van Moolenbroek
      In ;login: The USENIX Magazine
      June 2010
      [PDF]
  • Other

    • Bypassing Clang's SafeStack for Fun and Profit
      Enes Goktas, Robert Gawlik, Benjamin Kollenda, Elias Athanasopoulos, Georgios Portokalidis, Cristiano Giuffrida, and Herbert Bos
      In Black Hat Europe, 2016
      November 1-4, 2016, London, UK
      [PDF]
    • Flip Feng Shui: Breaking the VM's Isolation
      Kaveh Razavi, Ben Gras, Erik Bosman, Bart Preneel, Cristiano Giuffrida, and Herbert Bos
      In Black Hat Europe, 2016
      November 1-4, 2016, London, UK
      [PDF]
    • Over the Edge: Silently Owning Windows 10's Secure Browser
      Kaveh Razavi, Ben Gras, Erik Bosman, Bart Preneel, Cristiano Giuffrida, and Herbert Bos
      In Black Hat USA, 2016
      July 30 - August 4, 2016, Las Vegas, NV, USA
      [PDF]
    • Safe and Automatic Live Update
      Cristiano Giuffrida
      PhD Thesis. Department of Computer Science, VU University Amsterdam
      April 2014
      Awarded the Roger Needham Award at EuroSys!
      Awarded the Dennis M. Ritchie Award at SOSP!
      [PDF] [Talk]
    • Prepare to Die: A New Paradigm for Live Update
      Cristiano Giuffrida and Andrew S. Tanenbaum
      Technical Report IR-CS-51. Department of Computer Science, VU University Amsterdam
      April 2009
      [PDF]
© 2015-2017 Cristiano Giuffrida
Last-Modified: Friday, December 23, 2016.

spamfuik@vu.nl