Selected Publications

ACM Conference on Computer and Communications Security (CCS), 2016

Dissertation, 2015

IEEE Symposium on Security and Privacy (S&P), 2015

IEEE Symposium on Security and Privacy (S&P), 2014

Annual Computer Security Applications Conference (ACSAC), 2012

All Publications

. When Coding Style Survives Compilation: De-anonymizing Programmers from Executable Binaries.. Network and Distributed System Security Symposium (NDSS), 2018.

PDF

. Static Program Analysis as a Fuzzing Aid. Symposium on Research in Attacks, Intrusions, and Defenses (RAID), 2017.

PDF

. Leveraging Flawed Tutorials for Seeding Large-Scale Web Vulnerability Discovery. USENIX Workshop on Offensive Technologies (WOOT), 2017.

PDF

. Static Exploration of Taint-Style Vulnerabilities Found by Fuzzing. USENIX Workshop on Offensive Technologies (WOOT), 2017.

PDF

. Automatically Inferring Malware Signatures for Anti-Virus Assisted Attacks. ACM Asia Conference on Computer and Communications Security (ASIACCS), 2017.

PDF

. Efficient and Flexible Discovery of PHP Application Vulnerabilities. IEEE European Symposium on Security and Privacy (EuroS&P), 2017.

PDF

. Twice the Bits, Twice the Trouble: Vulnerabilities Induced by Migrating to 64-bit Platforms. ACM Conference on Computer and Communications Security (CCS), 2016.

PDF

. Comprehensive Analysis and Detection of Flash-based Malware. Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), 2016.

PDF

. Towards Vulnerability Discovery Using Staged Program Analysis. Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), 2016.

PDF

. Pattern-Based Vulnerability Discovery. Dissertation, 2015.

PDF

. Pulsar: Stateful Black-Box Fuzzing of Proprietary Network Protocols. International Conference on Security and Privacy in Communication Networks (SECURECOMM), 2015.

PDF

. VCCFinder: Finding Potential Vulnerabilities in Open-Source Projects to Assist Code Audits. ACM Conference on Computer and Communications Security (CCS), 2015.

PDF

. De-anonymizing Programmers via Code Stylometry. USENIX Security Symposium (SEC), 2015.

PDF

. Automatic Inference of Search Patterns for Taint-Style Vulnerabilities. IEEE Symposium on Security and Privacy (S&P), 2015.

PDF

. Torben: A Practical Side-Channel Attack for Deanonymizing Tor Communication. ACM Symposium on Information, Computer and Communications Security (ASIACCS), 2015.

PDF

. Modeling and Discovering Vulnerabilities with Code Property Graphs. IEEE Symposium on Security and Privacy (S&P), 2014.

PDF

. Chucky: Exposing Missing Checks in Source Code for Vulnerability Discovery. ACM Conference on Computer and Communications Security (CCS), 2013.

PDF

. Structural Detection of Android Malware using Embedded Call Graphs. Workshop on Artificial Intelligence and Security (AISEC), 2013.

PDF

. Generalized Vulnerability Extrapolation using Abstract Syntax Trees. Annual Computer Security Applications Conference (ACSAC), 2012.

PDF

. Vulnerability Extrapolation: Assisted Discovery of Vulnerabilities using Machine Learning. USENIX Workshop on Offensive Technologies (WOOT), 2011.

PDF

Awards

  • 2016: CAST/GI Dissertation Award
  • 2016: German Prize for IT Security 2016 (2nd place)
  • 2016: Best Paper Award at DIMVA
  • 2012: Outstanding Paper Award at ACSAC
  • 2001: Ars Digita Prize

Services

  • 2018: PC Member - ACSAC, GreHack, ICIMP
  • 2017: PC Member - ACSAC, ROOTS
  • 2016: PC Member - ARES, IMPS, STM
  • 2015: PC Member - ARES, ECTCM
  • 2015: Publicity Co-Chair: SECURECOMM
  • 2014: PC Member - WOOT, ECTCM

Contact