Projects

Binary Armoring

CodeArmor

A binary-level solution for high-frequency code re-randomization.

TypeArmor

A binary-level solution against advanced code-reuse attacks.

MvArmor

Secure and efficient Multivariant execution for binaries.

PathArmor

A practical context-sensitive CFI solution for binaries.

StackArmor

A binary-level solution against stack-based memory errors.

Binary and Malware Analysis

Disassembly

Disassembly analysis on full-Scale x86/x64 binaries.

Compiler-Agnostic Function Detection

Compiler-agnostic function detection for binaries.

Hardware Vulnerabilities

FPVI & SCSB

Rage against the Machine Clear: A systematic analysis of Machine Clears and their implications for transient execution attacks.

SMASH

Synchronized MAny-Sided Hammering from JavaScript.

TRRespass

Many-sided Rowhammer to bypass TRR mitigations on DDR4 DRAM chips.

NetCAT

Cache side-channel attacks over the network.

ECCploit

Rowhammer attacks on ECC-enabled systems.

Throwhammer

Rowhammer attacks over the network and defenses.

GLitch

Accelerating microarchitectural attacks with the GPU.

Flip Feng Shui

Cross-VM attacks abusing hardware vulnerabilities.

Drammer

Deterministic Rowhammer exploitation on mobile devices.

Mobile Security

BAndroid

How Google killed two-factor authentication.

Side Channels

BlindSide

Hacking Blind in the Spectre era.

CrossTalk

Speculative data leaks across CPU cores are real.

RIDL

RIDL is a new class of speculative execution attacks where an attacker can steal any “in-flight” data.

TLBleed

Employing the TLB in a novel sidechannel that doesn’t use the cache.

XLATE

XLATE (translate) attacks reprogram the MMU to mount an indirect cache attack.

Dedup Est Machina

Memory deduplication  as an advanced exploitation vector.

Nowhere to Hide

Thread spraying, allocation oracles, and defenses (MemSentry).

AnC

Side channeling the MMU for breaking ASLR in the browser.

VUsion

Protecting memory deduplication against side-channel and Rowhammer attacks.

Software Exploitation

Newton

Run-time gadget-discovery framework.

PIROP

Return-Oriented Programming without information disclosure.

Software Reliability

OSIRIS

Operating System with Integrated Recovery preventing Inconsistent State.

Software Testing and Sanitizers

VUzzer

Application-aware evolutionary fuzzing.

kMVX

Kernel Multi-Variant eXecution.

Delta Pointers

Fast buffer overflow detection without branches.

DangSan

Scalable use-after-free detection.

SafeInit

Practical mitigation of uninitialized read vulnerabilities.

TypeSan

Practical type confusion detection.

Validity of Research

Threats to Validity in Security Research

A not-entirely-comprehensive of things you should not do in security research.

Benchmarking Crimes

Benchmarking crimes in systems security research.

Prudent Practices in Malware Experiments

Prudent practices for designing malware experiments.

vusec-logo_large

Systems and Network Security Group at VU Amsterdam