Publications

Securing the E-Health Cloud

2010 - Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy

Proceedings of the 1st ACM International Health Informatics Symposium (IHI 2010), ACM, 2010. [pdf] [Bibtex]

Privilege Escalation Attacks on Android.

2010 - Lucas Davi, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, Marcel Winandy

Information Security, 13th International Conference, ISC 2010, LNCS 6531/2011, pp. 346-360, Springer 2011. [Bibtex] [PDF]

A Malware Instruction Set for Behavior-Based Analysis

2010 - Philipp Trinius, Carsten Willems, Thorsten Holz, Konrad Rieck

GI Si­cher­heit - Schutz und Zu­ver­läs­sig­keit, Jah­res­ta­gung des Fach­be­reichs Si­cher­heit der Ge­sell­schaft für In­for­ma­tik, Ber­lin, Ger­ma­ny, Oc­to­ber 2010 [PDF]

Towards secure deletion on smartphones

2010 - Michael Spreitzenbarth, Thorsten Holz

GI Si­cher­heit - Schutz und Zu­ver­läs­sig­keit, Jah­res­ta­gung des Fach­be­reichs Si­cher­heit der Ge­sell­schaft für In­for­ma­tik, Berlin, Germany, October 2010 [PDF]

Return-Oriented Programming without Returns

2010 - Stephen Checkoway, Lucas Davi, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, Hovav Shacham, Marcel Winandy

17th ACM Conference on Computer and Communications Security (CCS 2010) [PDF]

Abusing Social Networks for Automated User Profiling

2010 - Marco Balduzzi, Christian Platzer, Thorsten Holz, Engin Kirda, Davide Balzarotti, Christopher Kruegel

13th International Symposium on Recent Advances in Intrusion Detection (RAID), Ottawa, Canada, September 2010 [PDF]

Trusted Virtual Domains on OpenSolaris: Usable Secure Desktop Environments

2010 - Hans Löhr, Thomas Pöppelmann, Johannes Rave, Martin Steegmanns, Marcel Winandy

Proceedings of 5th Annual Workshop on Scalable Trusted Computing (STC 2010), ACM 2010. [PDF]

Token-Based Cloud Computing -- Secure Outsourcing of Data and Arbitrary Computations with Lower Latency

2010 - Ahmad-Reza Sadeghi, Thomas Schneider, Marcel Winandy

3rd International Conference on Trust and Trustworthy Computing (TRUST'10) - Workshop on Trust in the Cloud, June 22, Berlin, Germany. [Trust2010.org] [PDF]

Is the Internet for Porn? An Insight Into the Online Adult Industry

2010 - Gilbert Wondracek, Thorsten Holz, Christian Platzer, Engin Kirda, Christopher Kruegel

Workshop on the Economics of Information Security (WEIS), Harvard University, USA, June 2010 [PDF]

A Practical Attack to De-Anonymize Social Network Users

2010 - Gilbert Wondracek, Thorsten Holz, Engin Kirda, Christopher Kruegel

IEEE Symposium on Security and Privacy ("Oakland"), Berkeley, CA, May 2010 [PDF]

Inspector Gadget: Automated Extraction of Proprietary Gadgets from Malware Binaries

2010 - Clemens Kolbitsch, Thorsten Holz, Christopher Kruegel, Engin Kirda

IEEE Symposium on Security and Privacy ("Oakland"), Berkeley, CA, May 2010 [PDF]

ADSandbox: Sandboxing JavaScript to Fight Malicious Websites

2010 - Andreas Dewald, Thorsten Holz, Felix C. Freiling

ACM Symposium on Applied Computing (SAC), Sierre, Switzerland, March 2010 [PDF]

Botzilla: Detecting the "Phoning Home" of Malicious Software

2010 - Konrad Rieck, Guido Schwenk, Tobias Limmer, Thorsten Holz, Pavel Laskov

ACM Symposium on Applied Computing (SAC), Sierre, Switzerland, March 2010 [PDF]

Cooperation enablement for centralistic early warning systems

2010 - Ulrich Flegel, Johannes Hoffmann, Michael Meier

ACM Symposium on Applied Computing (SAC), Sierre, Switzerland, March 2010 [PDF]

Pat­terns for Se­cu­re Boot and Se­cu­re Sto­r­a­ge in Com­pu­ter Sys­tems

2010 - Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy

4th In­ter­na­tio­nal Work­shop on Se­cu­re sys­tems me­tho­do­lo­gies using pat­terns (SPat­tern 2010), In Proceedings of ARES 2010: International Conference on Availability, Reliability and Security, pp.569-573, IEEE Computer Society, 2010 [pdf]

The InMAS Approach

2010 - Markus Engelberth, Felix Freiling, Jan Goebel, Christian Gorecki, Thorsten Holz, Ralf Hund, Philipp Trinius, Carsten Willems

1st European Workshop on Internet Early Warning and Network Intelligence (EWNI'10) [PDF]

Trusted virtual domains - design, implementation and lessons learned.

2009 - Ahmad-Reza Sadeghi, Gianluca Ramunno, Dirk Kuhlmann, Konrad Eriksson, Luigi Catuogno, Alexandra Dmitrienko, Jing Zhan, Steffen Schulz, Marcel Winandy, Matthias Schunter

International Conference on Trusted Systems (INTRUST) 2009. [pdf] [bibtex]

Dynamic Integrity Measurement and Attestation: Towards Defense Against Return-Oriented Programming Attacks.

2009 - Lucas Davi, Ahmad-Reza Sadeghi, Marcel Winandy

STC'09: Proceedings of the 4th ACM Workshop on Scalable Trusted Computing, p. 49-54, ACM, 2009. [pdf]

TruWallet: Trustworthy and Migratable Wallet-Based Web Authentication.

2009 - Sebastian Gajek, Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy

STC'09: Proceedings of the 4th ACM Workshop on Scalable Trusted Computing, p. 19-28, ACM, 2009. [pdf]

Software distribution as a malware infection vector

2009 - Felix Gröbert, Ahmad-Reza Sadeghi, Marcel Winandy

International Conference for Internet Technology and Secured Transactions (ICITST 2009) [Bibtex]

Walowdac - Analysis of a Peer-to-Peer Botnet

2009 - Ben Stock, Jan Göbel, Markus Engelberth, Felix Freiling, Thorsten Holz

European Conference on Computer Network Defense (EC2ND), Milan, Italy, November 2009 [pdf]

Transparent Mobile Storage Protection in Trusted Virtual Domains

2009 - Luigi Catuogno, Hans Löhr, Mark Manulis, Ahmad-Reza Sadeghi, Marcel Winandy

23rd Large Installation System Administration Conference (LISA '09), p. 159--172, USENIX Association, 2009. [pdf]

Visual Analysis of Malware Behavior (Short paper)

2009 - Philipp Trinius, Thorsten Holz, Jan Göbel, Felix Freiling

Workshop on Visualization for Cyber Security (VizSec), Atlantic City, NJ, USA, October 2009 [pdf]

Automatically Generating Models for Botnet Detection

2009 - Peter Wurzinger, Leyla Bilge, Thorsten Holz, Jan Göbel, Christopher Kruegel, Engin Kirda

Eu­ropean Sym­po­si­um on Re­se­arch in Com­pu­ter Se­cu­ri­ty (ESO­RICS), Saint Malo, France, September 2009 [pdf]

Learning More About the Underground Economy: A Case-Study of Keyloggers and Dropzones

2009 - Thorsten Holz, Markus Engelberth, Felix Freiling

Eu­ropean Sym­po­si­um on Re­se­arch in Com­pu­ter Se­cu­ri­ty (ESO­RICS), Saint Malo, France, September 2009 [pdf]

A Pattern for Secure Graphical User Interface Systems.

2009 - Thomas Fischer, Ahmad-Reza Sadeghi, Marcel Winandy

3rd International Workshop on Secure systems methodologies using patterns (SPattern 2009), in DEXA '09: Proceedings of the 20th International Workshop on Database and Expert Systems Application, p.186-190, IEEE Computer Society, 2009. [pdf] [bibtex]

Return-Oriented Rootkits: Bypassing Kernel Code Integrity Protection Mechanisms

2009 - Ralf Hund, Thorsten Holz, Felix Freiling

USENIX Security Symposium, Montreal, Canada, August 2009 [PDF]

Towards Proactive Spam Filtering (Extended Abstract)

2009 - Jan Göbel, Thorsten Holz, Philipp Trinius

Con­fe­rence on De­tec­tion of In­tru­si­ons and Mal­wa­re & Vul­nerabi­li­ty As­sess­ment (DIMVA), Milan, Italy, July 2009 [pdf]

Einsatz von Sicherheitskernen und Trusted Computing.

2009 - Ahmad-Reza Sadeghi, Marcel Winandy,

D-A-CH Security 2009, Bochum, Germany. [pdf]

Frühe Warnung durch Beobachten und Verfolgen von bösartiger Software im Deutschen Internet: Das Internet-Malware-Analyse System (InMAS)

2009 - Markus Engelberth, Felix Freiling, Jan Goebel, Christian Gorecki, Thorsten Holz, Philipp Trinius, Carsten Willems

11. Deutscher IT-Sicherheitskongress des Bundesamtes für Sicherheit in der Informationstechnik (BSI), Bonn, May 2009 [PDF]

Modeling Trusted Computing Support in a Protection Profile for High Assurance Security Kernels.

2009 - Hans Löhr, Ahmad-Reza Sadeghi, Christian Stüble, Marion Weber, Marcel Winandy

TRUST 2009: Proceedings of the 2nd International Conference on Trusted Computing, LNCS 5471, p. 45-62 Springer, 2009. [pdf]

Trusted Privacy Domains - Challenges for Trusted Computing in Privacy-Protecting Information Sharing.

2009 - Hans Löhr, Ahmad-Reza Sadeghi, Claire Vishik, Marcel Winandy

Proceedings of 5th Information Security Practice and Experience Conference (ISPEC'09), LNCS 5451, p. 396-407, Springer, 2009. [pdf]

MalOffice - Detecting malicious documents with combined static and dynamic analysis

2009 - Markus Engelberth, Carsten Willems, Thorsten Holz

Virus Bulletin Conference, Geneva, Switzerland, September 2009 [Presentation]

Towards Next-Generation Botnets

2008 - Ralf Hund, Matthias Hamann, Thorsten Holz

European Conference on Computer Network Defense (EC2ND), Dublin, Ireland, December 2008 [PDF]

Flexible and Secure Enterprise Rights Management Based on Trusted Virtual Domains

2008 - Ahmad-Reza Sadeghi, Marcel Winandy, Christian Stüble, Rani Husseiki, Yacine Gasmi, Patrick Stewin, Martin Unger

STC '08: Proceedings of the 3rd ACM Workshop on Scalable Trusted Computing, p. 71-80, ACM, 2008. [pdf]

As the Net Churns: Fast-Flux Botnet Observations

2008 - Jose Nazario, Thorsten Holz

International Conference on Malicious and Unwanted Software, October 2008 [pdf]

Reconstructing Peoples Lives: A Case Study in Teaching Forensic Computing

2008 - Felix Freiling, Thorsten Holz, Martin Mink

In­ter­na­tio­nal Con­fe­rence on IT Se­cu­ri­ty In­ci­dent Ma­nage­ment & IT Fo­ren­sics (IMF), Mannheim, Ger­ma­ny, September 2008 [pdf]

Property-Based TPM Virtualization

2008 - Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy

Information Security, 11th International Conference, ISC 2008, LNCS 5222, p. 1-16, Springer, 2008. [pdf] [bibtex]

Sicherheitsprobleme elektronischer Wahlauszählungssysteme in der Praxis

2008 - Yacine Gasmi, Christian Hessmann, Martin Pittenauer, Marcel Winandy

INFORMATIK 2008, Beherrschbare Systeme - dank Informatik, Band 1, Beiträge der 38. Jahrestagung der Gesellschaft für Informatik e.V. (GI), LNI 133, GI, 2008.

Learning and Classification of Malware Behavior

2008 - Konrad Rieck, Thorsten Holz, Carsten Willems, Patrick Düssel, Pavel Laskov

Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Paris, France, July 2008 [PDF]

Studying Malicious Websites and the Underground Economy on the Chinese Web

2008 - Jianwei Zhuge, Thorsten Holz, Chengyu Song, Jinpeng Guo, Xinhui Han, Wei Zou

Work­shop on the Eco­no­mics of In­for­ma­ti­on Se­cu­ri­ty (WEIS), Hanover, NH, USA, June 2008 [pdf]

Measurements and Mitigation of Peer-to-Peer-based Botnets: A Case Study on Storm Worm

2008 - Thorsten Holz, Moritz Steiner, Frederic Dahl, Ernst Biersack, Felix C. Freiling

USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET), San Francisco, CA, April 2008 [pdf]

Monkey-Spider: Detecting Malicious Websites with Low-Interaction Honeyclients

2008 - Ali Ikinci, Thorsten Holz, Felix Freiling

GI Si­cher­heit - Schutz und Zu­ver­läs­sig­keit, Jah­res­ta­gung des Fach­be­reichs Si­cher­heit der Ge­sell­schaft für In­for­ma­tik, Saarbrücken, April 2008 - **Best Paper Award** [pdf]

Rishi: Identifizierung von Bots durch Auswerten der IRC Nicknamen

2008 - Jan Göbel, Thorsten Holz

DFN-CERT Work­shop "Si­cher­heit in ver­netz­ten Sys­te­men", Ham­burg, February 2008 [pdf]

Measuring and Detecting Fast-Flux Service Networks

2008 - Thorsten Holz, Christian Gorecki, Konrad Rieck, Felix Freiling

Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2008 [pdf]

Collecting Autonomous Spreading Malware Using High-Interaction Honeypots

2007 - Jianwei Zhuge, Thorsten Holz, Xinhui Han, Chengyu Song, Wei Zou

International Conference on Information and Communications Security (ICICS), LNCS 4861, Zhengzhou, China, December 2007 [pdf]

Measurement and Analysis of Autonomous Spreading Malware in a University Environment

2007 - Thorsten Holz, Jan Goebel, Carsten Willems

Con­fe­rence on De­tec­tion of In­tru­si­ons and Mal­wa­re & Vul­nerabi­li­ty As­sess­ment (DIMVA), Lucerne, Switzerland, July 2007 [PDF]

Trusted User-Aware Web Authentication

2007 - Jörg Schwenk, Ahmad-Reza Sadeghi, Sebastian Gajek, Marcel Winandy,

Presented at the Workshop on Trustworthy User Interfaces for Passwords and Personal Information (TIPPI'07), Stanford, USA, June 22, 2007. [PDF]

Compartmented Security for Browsers – Or How to Thwart a Phisher with Trusted Computing

2007 - Sebastian Gajek, Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy

In Proceedings of the The Second International Conference on Availability, Reliability and Security (ARES 2007), Vienna, Austria, April 10-13, 2007, pages 120-127. IEEE Computer Society, 2007. [pdf]

Rishi: Identify Bot Contaminated Hosts by IRC Nickname Evaluation

2007 - Jan Göbel, Thorsten Holz

USENIX Workshop on Hot Topics in Understanding Botnets (HotBots), Cambridge, MA, April 2007 [pdf]
Page: