20/10/2016
Four of our papers were accepted for NDSS 2017.
|
01/09/2016
Two of our papers were accepted for CCS 2016.
|
14/05/2016
Four of our papers were accepted for USENIX Security 2016.
|
16/04/2016
Our work on the BAndroid Vulnerability appeared in The Register: Academics claim Google Android two-factor authentication is breakable. This was slashdotted twice: here and here.
|
15/03/2016
Our Dedup Est Machina: Memory Deduplication as an Advanced Exploitation Vector and our Tough Call: Mitigating Advanced Code-Reuse Attacks At The Binary Level were accepted for Oakland.
|
24/02/2016
SROP (SigReturn-Oriented Programming) features in LWN. See also the new patch.
|
10/12/2015
Best student paper award at ACSAC'2016 for ShrinkWrap: VTable protection without loose ends.
|
09/07/2015
More about the BAndroid vulnerability. This time an article in NRC: Pas op. Google geeft je een gevaarlijke overdosis gebruiksgemak.
|
30/06/2015
And even more ado about the BAndroid vulnerability in the Volkskrant (Dutch): Hoe flikken ze dat: inbreken op onze mobiele telefoons?
|
27/06/2015
Much ado about a security problem we found in Android.
|
25/06/2015
Proud to have won the Senior Lecturer Award of the Faculty of Sciences.
|
28/05/2015
Years ago, I gave an (inaugural) speech about
systems security which uses the term Red Queen Effect to refer to the
arms race between attackers and defenders. I completely forgot about
it, but recently stumbled on it while cleaning up my hard drive. It is
intended for a lay audience (explaining my view on security research), but also discusses buffer overflows, code reuse attacks, and the beauty of hacking. Also,
cleverly hidden in the text is a piece of malicious shellcode.
|
06/03/2015
Earlier today, the paper Out of control: Overcoming Control Flow Integrity, of which Enes Goktas was the first author, was awarded the Dutch Cyber Security Research Award (for best paper in security research in the Netherlands).
|
06/03/2015
Two of our papers (the "Out-of-Control" Oakland paper by Enes Goktas and the "Framing Signals" S&P paper by Erik Bosman) were among 5 papers selected as Highlights of Dutch Cyber Security Research.
|
06/03/2015
Recent keynotes: SBESC (Manaus, Brazil), ICISS (Hyderabad, India), and ESSOS (Milan, Italy)
|
03/02/2015
RAID 2015 will be held in Kyoto, Japan. Gear up now to send in your best work!
|
23/12/2014
Anyone teaching security, C programming, operating systems, etc., should consider the 10K Students Challenge, which explains buffer overflows, targeting different audiences: students without any background in computer science, computer scientists, and students enrolled in a security course. It comes with test questions, slides in different formats, and simple video presentations.
|
15/06/2014
Some news on the GameOver Zeus takedown on KrebsOnSecurity and some more on Geek.com.
|
27/01/2014
I have won a VICI grant to work on finding security holes in binary software.
|
20/01/2014
We have finally (after more than a year of dilly dallying) pre-released Argos 0.7. As it is based on Qemu 1.1.0, it supports Windows 7.
|
29/10/2013
We had two papers at WCRE this year: MemBrush (on detecting and classifying custom memory allocators in binaries) and MemPick (on detecting pointer structures like trees and lists in binaries). MemBrush won the best paper award!
|
15/07/2013
Last year, we published a paper at RAID about memory errors (Memory Errors: The Past, the Present, and the Future). We are still tracking this. Have a look at Victor's Trends in Memory Errors.
|
20/04/2013
Very proud of my (ex-)student Asia Slowinska who won the Roger Needham Award for best Ph.D. thesis in Systems in Europe. The prize of 2000 euro and a certificate was awarded last week at the banquet of Eurosys in Prague. After Willem de Bruijn and Jorrit Herder, this is the third time we have won this award!
|
29/1/2013
Our paper on P2P botnet resilience was accepted by Security & Privacy (Oakland).
|
22/11/2012
Anyone considering a masters in computer science with a focus on systems should check out our top masters pdcs. Also have a look at this somewhat older and (to me) amusing video made by Andy Tanenbaum.
|
26/05/2012
One of the VUBar teams participating in the Hack-in-the-Box CTF appeared on Dutch TV.
|
23/03/2012
Our BinArmour paper was accepted for publication by USENIX.
|
01/02/2012
Our paper "Prudent Practices for Designing Malware Experiments: Status Quo and Outlook" was accepted for publication by Oakland (Security & Privacy).
|
01/02/2012
The university made me full professor!
|
02/09/2011
Do submit papers to EuroSys 2012.
|
01/09/2011
We developed Minemu, an emulator for very fast taint tracking. The code is available for download and a corresponding paper was accepted for RAID.
|
08/07/2011
DIMVA is over and IMHO it was quite a success. We had several co-located events (chief among which were the very popular SysSec workshop and dCTF Capture-the-Flag competition). Some pictures of the social event.
|
12/04/2011
Jorrit Herder just won the EuroSys Roger Needham Ph.D. Award for best
Ph.D. thesis in Systems in Europe. See the full
press release here. Safe to say, I am very proud! Especially since this is the
second consecutive time that one of our (and one of my) students won the
award. Last year, Willem de Bruijn won the award.
|
12/04/2011
We finally released a new version of Argos, with shellcode tracking. After detecting an attack, Argos can keep executing the attackers' code to distinguish the code's actions and to separate shellcode from nop-sled and unpacker(s).
|
10/04/2011
With if(is) and U. Erlangen, we developed Sandnet, an environment to run and analyse malware.
|
01/04/2011
Scholarships available! System security researchers (including students) interested in short-term research visits to top research centers in the field should consider applying for a SysSec scholarship.
|
23/03/2011
The Streamline paper --
submitted years ago -- was formally accepted for publication in ACM Transactions on Computer Systems (TOCS). It should appear in May.
|
16/12/2010
An article in the Intermediair on Stuxnet (Dutch and not technical).
|
13/12/2010
Radio interview: Hoe?Zo! Radio on Wikileaks (Dutch and not technical).
|
12/10/2010
Our paper on dynamic data excavation was accepted by NDSS'2011.
|
15/09/2010
Our paper on Paranoid
Android was accepted by ACSAC'2010.
|
02/08/2010
Very happy: I was awarded an ERC
Grant for a project on reverse engineering. :-)
|
02/07/2010
With students from various other universities, six of my students did
battle in the Capture The Flag competition at the Hack-In-The-Box
conference in Amsterdam this week. When the dust settled, they ranked
1, 2, 3, 4, 5, and 6! Overall winner was Jozef Svec. Here is a picture of the competition and here
is a picture of the celebratory beers.
|
01/07/2010
Our Streamline paper -- which we submitted two years ago -- was accepted with minor revisions by ACM Transactions on Computer Systems (TOCS). Currently working on the revisions!
|
25/05/2010
In the Paranoid
Android project, we detect attacks on smart phones by running
security checks on a remote server in the cloud (see also last year's announcement). Update on this
project: we now have multiple methods for detecting attacks running on
our servers (such as standard antivirus scanners and taint
analysis). Moreover, we are finishing a kernel implementation that is
expected to improve performance. We have registered an updated TR (the original report from Sept 2009 is still available here).
|
15/04/2010
I am proud of all my students, but these days I am extremely
proud of Willem de Bruijn, who was awarded the ACM SIGOPS EuroSys
Roger Needham PhD Award for best PhD in Europe. The topic of
his PhD thesis is, of course, Streamline.
|
31/02/2010
Our new version of Argos is capable of analysing exploits by executing and analyzing unpackers and shellcode.
|
23/10/2009
Note: EUROSEC 2010, the European Systems Security venue is approaching.
|
15/10/2009
We released Streamline version 1.7.4.5: bug fix release, mainly for PipesFS.
|
23/09/2009
I have started writing a more complete version of the tutorial on kernel writing. So far I only have a chapter on building and booting the most basic kernel, but if I find time, I will try to make it more interesting in the future.
|
16/09/2008
New version of shelia: bug fixes mostly.
|
15/09/2009
Smartphones are vulnerable and hard to protect. In the Paranoid
Android project, we show how we can offload all security checks to a
server running a replica in the Cloud. We now have this working and we
made available a technical
report on our implementation.
|
15/08/2008
We have now released Streamline 1.7.4.4: bug fixes, performance improvements, support for newer kernels.
|
09/07/2008
We released Streamline 1.7.4 which adds
PipesFS: a Linux virtual filesystem for I/O. PipesFS presents kernel I/O
operations as directories and exports live streams through Unix pipes. The FS
allows users to quickly construct kernel tasks using the 40+ Streamline
operations using mkdir, ln, etc. and to interact with kernel I/O using cat,
grep, gzip, etc.
|
22/05/2008
We released Argos v0.4.1. It fixes an annoying bug that has been bothering us for a while now and causes false positives.
|
22/05/2008
Anyone interested in writing their own kernels: here is a tutorial
on how to write a simple kernel and get it to boot in Qemu. It is a
shameless rip-off of Brandon F.'s tutorial, but for ELF format rather than a.out, and with info about making a bootable Grub image.
|
03/03/2008
The ACM SIGOPS EUROSEC European
Workshop on System Security was held in Glasgow.
|
03/03/2008
We have released Argos version 0.4.0 which is based upon QEMU v0.9.1. QEMU 0.9.x boasts many new features over the older 0.8.x versions. Besides benefitting from these, Argos itself also has a few new features. Argos 0.4.0 was also released as a Debian package.
|
26/02/2008
A Debian package of the latest Argos release is now available.
You can get it here.
|
26/02/2008
We released Streamline version 1.7.3. It is more robust and stress-tested in real application benchmarks (e.g., bind and mplayer). New: UDP sockets API, network driver interface and Intel pro/1000 driver, multithreading, x86_64 support.
|
05/02/2008
EUROSEC, the ACM SIGOPS Workshop for System Security is now open for submissions.
|
07/01/2008
The paper on Eudaemon was accepted for publication at ACM SIGOPS Eurosys 2008.
|
04/11/2007
For students interested in buffer overflows, I wrote a technical tutorial that explains a two-phase buffer-overflow attack that works in the presence of address space randomization: a two-phase buffer overflow.
|
01/11/2007
A paper on the buffering system in Streamline ("Beltway buffers: avoiding the OS traffic jam") was accepted for INFOCOM'08. See also the Streamline website.
|
01/10/2007
A paper on the implementation of Ruler on Intel IXP2xxx network processors ("Ruler: easy packet matching and rewriting on network processors") was accepted for ANCS'07. See also the Ruler website.
|
18/09/2007
We released Rulerproxy: an efficient, userspace application for Linux that allows one to apply Ruler filters at application level (e.g., after TCP reassembly).
|
29/08/2007
Niels Provos and Thorsten Holz have written a book about
honeypots, Virtual Honeypots: From Botnet Tracking to
Intrusion Detection, which discusses Argos in some detail. There is also a Safari online version.
|
23/08/2007
We released Streamline
version 1.7.2. An important new feature is a virtual filesystem
(like sysfs) interface to Streamline. With this netmonfs you can
inspect live datastreams as if you're reading local files. Setting up
streams and filters is easily accomplished through mkdir, open and
other well-known core utilities. In addition, it should be more
stable.
|
11/07/2007
No code available yet, but we managed to speed up the Argos Honeypot by making it switch between Xen and Argos when needed (by using the techniques described in Ho et al.'s paper in Eurosys 2006).
|
01/05/2007
We released Streamline version 1.7.0. Many fixes and changes!
|
11/02/2007
Shelia, a new client-side honeypot for Windows, is now available.
|
11/02/2007
We recently released Streamline version 1.6.3. Many fixes and changes!
|
08/12/2006
The technical report about the Beltway Buffers in Streamline is now online.
|
08/12/2006
The technical report about the Ruler language for network pattern matching and rewriting is now online. See also the Ruler website.
|
04/12/2006
The new release of Argos (version 0.2.3) is now out. It corrects a bug in previous versions that would cause a crash in instances compiled with the --enable-net-tracker option.
|
01/09/2006
Check out the new release (version 0.3) of the Ruler language for traffic pattern matching and rewriting.
|
No date
Check out our new 'top-masters program'
|
No date
Current students should check out the courses
and projects section and the Open MSc projects page.
|
June 2006
Version 0.1.4 of Argos has been released (also: the mailing list is finally working!)
|
June 2006
Version 1.6.2 of Streamline / FFPF has been released
|
November 2005
Here is a layman's introduction to computer worms (in Dutch, contains mini-tutorial on buffer overflow exploits).
|