Publications

Experience Report: An Empirical Study of PHP Security Mechanism Usage

2015 - Johannes Dahse, Thorsten Holz

International Symposium on Software Testing and Analysis (ISSTA) [PDF]

Counterfeit Object-oriented Programming: On the Difficulty of Preventing Code Reuse Attacks in C++ Applications

2015 - Felix Schuster, Thomas Tendyck, Christopher Liebchen, Lucas Davi, Ahmad-Reza Sadeghi, Thorsten Holz

36th IEEE Symposium on Security and Privacy (Oakland), San Jose, May 2015 [PDF]

Cross-Architecture Bug Search in Binary Executables

2015 - Jannik Pewny, Behrad Garmany, Robert Gawlik, Christian Rossow, Thorsten Holz

36th IEEE Symposium on Security and Privacy (Oakland), San Jose, May 2015 [PDF]

VC3: Trustworthy Data Analytics in the Cloud using SGX

2015 - Felix Schuster, Manuel Costa, Cédric Fournet, Christos Gkantsidis, Marcus Peinado, Gloria Mainar-Ruiz , Mark Russinovich

36th IEEE Symposium on Security and Privacy (Oakland), San Jose, May 2015 [PDF]

A Practical Investigation of Identity Theft Vulnerabilities in Eduroam

2015 - Sebastian Brenza, Andre Pawlowski, Christina Pöpper

In Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (ACM WiSec), 2015 [Project Webpage] [PDF]

Retaining Control over SDN Network Services

2015 - Christian Röpke, Thorsten Holz

International Conference on Networked Systems (NetSys), 2015

Tactile One-Time Pad: Leakage-Resilient Authentication for Smartphones

2015 - Sebastian Uellenbeck, Thomas Hupperich, Christopher Wolf, Thorsten Holz

Financial Cryptography and Data Security 2015 [pdf]

Leveraging Semantic Signatures for Bug Search in Binary Programs

2014 - Jannik Pewny, Felix Schuster, Lukas Bernhard, Christian Rossow, Thorsten Holz

An­nual Com­pu­ter Se­cu­ri­ty Ap­p­li­ca­ti­ons Con­fe­rence (ACSAC), New Or­leans, USA, De­cem­ber 2014 [PDF]

Towards Automated Integrity Protection of C++ Virtual Function Tables in Binary Programs

2014 - Robert Gawlik, Thorsten Holz

An­nual Com­pu­ter Se­cu­ri­ty Ap­p­li­ca­ti­ons Con­fe­rence (ACSAC), New Or­leans, USA, De­cem­ber 2014 [GitHub] [PDF]

Using Automatic Speech Recognition for Attacking Acoustic CAPTCHAs: The Trade-off between Usability and Security

2014 - Hendrik Meutzner, Viet Hung Nguyen, Thorsten Holz, Do­ro­thea Kolossa

An­nual Com­pu­ter Se­cu­ri­ty Ap­p­li­ca­ti­ons Con­fe­rence (ACSAC), New Or­leans, USA, De­cem­ber 2014 - ** Outstanding Paper Award ** [PDF]

The Dark Alleys of Madison Avenue: Understanding Malicious Advertisements

2014 - Apostolis Zarras, Alexandros Kapravelos, Gianluca Stringhini, Thorsten Holz, Christopher Kruegel, Giovanni Vigna

14th ACM SIGCOMM Internet Measurement Conference (IMC), Vancouver, Canada, November 2014 [PDF]

Code Reuse Attacks in PHP: Automated POP Chain Generation

2014 - Johannes Dahse, Nikolai Krein, Thorsten Holz

21st ACM Conference on Computer and Communications Security (CCS), Scottsdale, Arizona, USA, November 2014 - ** Best Student Paper Award ** [PDF]

You Can Run but You Can’t Read: Preventing Disclosure Exploits in Executable Code

2014 - Michael Backes, Thorsten Holz, Benjamin Kollenda, Philipp Koppe, Stefan Nürnberger, Jannik Pewny

21st ACM Conference on Computer and Communications Security (CCS), Scottsdale, Arizona, USA, November 2014 [PDF]

The Art of False Alarms in the Game of Deception: Leveraging Fake Honeypots for Enhanced Security

2014 - Apostolis Zarras

48th IEEE International Carnahan Conference on Security Technology (ICCST), Rome, Italy, October 2014 [PDF]

CloudSylla: Detecting Suspicious System Calls in the Cloud

2014 - Marc Kührer, Johannes Hoffmann, Thorsten Holz

16th International Symposium on Stabilization, Safety, and Security of Distributed Systems (SSS), Paderborn, Germany, September 2014 [PDF]

Evaluating the Effectiveness of Current Anti-ROP Defenses

2014 - Felix Schuster, Thomas Tendyck, Jannik Pewny, Andreas Maaß, Martin Steegmanns, Moritz Contag, Thorsten Holz

Re­se­arch in At­tacks, In­tru­si­ons and De­fen­ses (RAID) Sym­po­si­um, Gothenburg, Sweden, September 2014 [PDF]

On Emulation-Based Network Intrusion Detection Systems

2014 - Ali Abbasi, Jos Wetzels, Wouter Bokslag, Emmanuele Zambon, Sandro Etalle

17th International Symposium on Research in Attacks, Intrusions and Defences (RAID) [PDF]

Paint it Black: Evaluating the Effectiveness of Malware Blacklists

2014 - Marc Kührer, Christian Rossow, Thorsten Holz

Re­se­arch in At­tacks, In­tru­si­ons and De­fen­ses (RAID) Sym­po­si­um, Gothenburg, Sweden, September 2014 [PDF]

Static Detection of Second-Order Vulnerabilities in Web Applications

2014 - Johannes Dahse, Thorsten Holz

23rd USENIX Security Symposium, San Diego, CA, USA, August 2014 - ** Internet Defense Prize by Facebook ** [PDF]

Dynamic Hooks: Hiding Control Flow Changes within Non-Control Data

2014 - Sebastian Vogl, Robert Gawlik, Behrad Garmany, Thomas Kittel, Jonas Pfoh, Claudia Eckert, Thorsten Holz

23rd USENIX Security Symposium, San Diego, CA, USA, August 2014 [PDF]
Page: