SHARCS SHARCS

Secure Hardware-Software Architectures for Robust Computing Systems

Deliverables

  • Deliverable D1.1: Website and collaboration tools (March 2015). Icon pdf (1.1 MB)
  • Deliverable D2.1: SHARCS Applications and framework requirements for secure-by-design systems (January 2016).  Icon pdf (6.2 MB)
  • Deliverable D3.1: SHARCS System architectures and requirements (January 2016). Icon pdf (2.0 MB)
  • Deliverable D3.2: Design specification of the SHARCS hardware techniques (January 2017). Icon pdf (2.7 MB)
  • Deliverable D4.1: Requirements of the SHARCS Runtime System, Software Tools and Reporting (January 2016). Icon pdf (2.1 MB)
  • Deliverable D4.2: Design specification of the SHARCS runtime system, software tools and reporting (January 2017). Icon pdf (1.1 MB)
  • Deliverable D6.4: Dissemination report, year 2 (January 2017). Icon pdf (31.5 MB)

Publications in Journals & Conferences

2018

  • Giorgos Tsirantonakis, Panagiotis Ilia, Sotiris Ioannidis, Elias Athanasopoulos, and Michalis Polychronakis. A Large-scale Analysis of Content Modification by Open HTTP Proxies. In Proceedings of the Network and Distributed System Security Symposium (NDSS '18). San Diego, USA. February 2018 (To appear)

2017

  • Victor van der Veen, Dennis Andriesse, Manolis Stamatogiannakis, Xi Chen, Herbert Bos, Cristiano Giuffrdia. The Dynamics of Innocent Flesh on the Bone: Code Reuse Ten Years Later. In CCS '17 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. Icon pdf (1.3 MB)
  • Marco Oliverio, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida. Secure Page Fusion with VUsion. In SOSP '17 Proceedings of the 26th Symposium on Operating Systems Principles. Icon pdf (781.2 KB)
  • Marinos Tsantekidis, Vassilis Prevelakis. Library-Level Policy Enforcement. In Proceedings of the 11th Conference on Emerging Security Information Systems and Technologies (SECURWARE 2017). Rome, Italy, September 2017. Icon pdf (141.2 KB)
  • Panagiotis Papadopoulos, Giorgos Vasiliadis, Giorgos Christou, Evangelos Markatos, Sotiris Ioannidis. No Sugar but all the Taste! Memory Encryption without Architectural Support. In Proceedings of the 22nd European Symposium on Research in Computer Security (ESORICS 2017). Oslo, Norway, September, 2017. Icon pdf (603.5 KB)
  • Kollenda, B.; Goktas, E.; Blazytko, T.; Koppe, P.; Gawlik, R.; Konoth, R. K.; Giuffrida, C.; Bos, H.; and Holz, T. Towards Automated Discovery of Crash-Resistant Primitives in Binaries. In DSN, June 2017 Icon pdf (229.9 KB)
  • Antonios A. Chariton, Eirini Degkleri, Panagiotis Papadopoulos, Panagiotis Ilia, and Evangelos P. Markatos. CCSP: a Compressed Certificate Status Protocol. In Proceedings of the IEEE International Conference on Computer Communications (INFOCOM '17). Atlanta, GA, USA, May 2017. Icon pdf (200.4 KB)
  • Elias P. Papadopoulos, Michalis Diamantaris, Panagiotis Papadopoulos, Thanasis Petsas, Sotiris Ioannidis, Evangelos P. Markatos. The Long-Standing Privacy Debate: Mobile Websites Vs Mobile Apps. In Proceedings of the 26th International World Wide Web Conference (WWW 2017). Perth, Western Australia, April 2017. Icon pdf (1.1 MB)
  • Van Schaik, S.; Razavi, K.; Gras, B.; Bos, H.; and Giuffrida, C. RevAnC: A Framework for Reverse Engineering Hardware Page Table Caches. In EuroSec, April 2017. Icon pdf (405.8 KB)
  • Koen Koning, Xi Chen, Herbert Bos, Cristiano Giuffrida, Elias Athanasopoulos. No Need to Hide: Protecting Safe Regions on Commodity Hardware. EuroSys '17 Proceedings of the Twelfth European Conference on Computer Systems. Icon pdf (391.5 KB)
  • Van der Kouwe, E.; Nigade, V.; and Giuffrida, C. DangSan: Scalable Use-after-free Detection.  In EuroSys, April 2017. Icon pdf (948.6 KB)
  • X. Chen, H. Bos, C. Giuffrida. CodeArmor: Virtualizing the Code Space to Counter Disclosure Attacks. In Proceedings of the 2nd IEEE European Symposium on Security and Privacy (EuroS&P 2017). Paris, France. April, 2017. Icon pdf (772.9 KB)

  • Robert M. Seepers  ; Wenjin Wang ; Gerard de Haan ; Ioannis Sourdis ; Christos Strydis. Attacks on Heartbeat-Based Security Using Remote Photoplethysmography. In IEEE Journal of Biomedical and Health Informatics ( Volume: PP, Issue: 99 ) Icon pdf (412.5 KB)

  • Panagiotis Ilia, Barbara Carminati, Elena Ferrari, Paraskevi Fragopoulou, Sotiris Ioannidis. SAMPAC: Socially-Aware collaborative Multi-Party Access Control. In Proceedings of the 7th ACM Conference on Data and Application Security and Privacy (CODASPY). Scottsdale, USA. March 2017. Icon pdf (1.0 MB)
  • S. Rawat, V. Jain, A. Kumar, L. Cojocar, C. Giuffrida, H. Bos. VUzzer: Application-aware Evolutionary Fuzzing. In Proceedings of the Network and Distributed System Security Symposium (NDSS 2017). San Diego, California, USA. March 2017. Icon pdf (382.2 KB)
  • A. Pawlowski, M. Contag, V. van der Veen, C. Ouwehand, T. Holz, H. Bos, E. Athanasopoulos, C. Giuffrida. MARX: Uncovering Class Hierarchies in C++ Programs. In Proceedings of the Network and Distributed System Security Symposium (NDSS 2017). San Diego, California, USA. March 2017. Icon pdf (507.9 KB)
  • A. Milburn, H. Bos, C. Giuffrida. SafeInit: Comprehensive and Practical Mitigation of Uninitialized Read Vulnerabilities. In Proceedings of the Network and Distributed System Security Symposium (NDSS 2017). San Diego, California, USA. March 2017. Icon pdf (233.3 KB)
  • Gras, B.; Razavi, K.; Bosman, E.; Bos, H.; and Giuffrida, C. ASLR on the Line: Practical Cache Attacks on the MMU.  In NDSS, February 2017. Icon pdf (681.2 KB)
  • Eva Papadogiannaki, Lazaros Koromilas, Giorgos Vasiliadis, Sotiris Ioannidis. Efficient Software Packet Processing on Heterogeneous and Asymmetric Hardware Architectures. IEEE/ACM Transactions on Networking. , PP(99), 1-14. January 2017.

  • Robert M. Seepers, Christos Strydis, Ioannis Sourdis, Chris I. De Zeeuw Enhancing Heart-Beat-Based Security for mHealth Applications. In IEEE Journal of Biomedical and Health Informatics ( Volume: 21, Issue: 1, Jan. 2017 ) Icon pdf (945.3 KB)

2016

  • Sarbinowski, P.; Kemerlis, V. P.; Giuffrida, C.; and Athanasopoulos, E. VTPin: Practical VTable Hijacking Protection for Binaries.  In ACSAC, December 2016. Icon pdf (411.0 KB)

  • Haller, I.; Yuseok, J.; Peng, H.; Payer, M.; Giuffrida, C.; Bos, H.; and van der Kouwe, E. TypeSan: Practical Type Confusion Detection.  In CCS, October 2016. Icon pdf (738.0 KB)

  • Miraglia, A.; Vogt, D.; Bos, H.; Tanenbaum, A. S.; and Giuffrida, C. Peeking into the Past: Efficient Checkpoint-assisted Time-traveling Debugging.  In ISSRE, October 2016. Icon pdf (429.0 KB)

  • Victor van der Veen, Yanick Fratantonio, Martina Lindorfer, Daniel Gruss, Clémentine Maurice, Giovanni Vigna, Herbert Bos, Kaveh Razavi, Cristiano Giuffrida. Drammer: Deterministic Rowhammer Attacks on Mobile Platforms. In Proceedings of the 23rd ACM Conference on Computer and Communications Security (CCS 2016). Hofburg Palace, Vienna, Austria, October, 2016. Icon pdf (594.3 KB)

  • Eirini Degkleri, Antonios A. Chariton, Panagiotis Ilia, Panagiotis Papadopoulos, Evangelos P. Markatos. Leveraging DNS for timely SSL Certificate Revocation. In 3rd ACM-W Europe Celebration of Women in Computing (womENcourage 2016). Linz, Austria, September 2016. Icon pdf (159.7 KB)

  • Lazaros Koromilas, Giorgos Vasiliadis, Elias Athanasopoulos, Sotiris Ioannidis. GRIM: Leveraging GPUs for Kernel Integrity Monitoring. In Proceedings of the 19th International Symposium on Research in Attacks, Intrusions and Defenses (RAID). France, Paris, September 2016. Icon pdf (422.1 KB)

  • Karapatis A, Seepers RM, van Dongen M, Serdijn WA, Strydis C. Balancing accuracy, delay and battery autonomy for pervasive seizure detection. In Conf Proc IEEE Eng Med Biol Soc. 2016. Icon pdf (1005.4 KB)

  • D. Andriesse, X. Chen, V. van der Veen, A. Slowinska, and H. Bos. An In-Depth Analysis of Disassembly on Full-Scale x86/x64 Binaries. In Proceedings of the 25th USENIX Security Symposium. Austin, TX, USA. August 2016. Icon pdf (443.8 KB)

  • K. Razavi, B. Gras, E. Bosman, B. Preneel, C. Giuffrida, and H. Bos. Flip Feng Shui: Hammering a Needle in the Software Stack. In Proceedings of the 25th USENIX Security Symposium. Austin, TX, USA. August 2016. Icon pdf (691.7 KB)

  • E. Göktaş, R. Gawlik, B. Kollenda, E. Athanasopoulos, G. Portokalidis, C. Giuffrida, and H. Bos. Undermining Information Hiding (And What to do About it). In Proceedings of the 25th USENIX Security Symposium. Austin, TX, USA. August 2016. Icon pdf (286.6 KB)

  • A. Oikonomopoulos, E. Athanasopoulos, H. Bos, and C. Giuffrida. Poking Holes in Information Hiding. In Proceedings of the 25th USENIX Security Symposium. Austin, TX, USA. August 2016. Icon pdf (277.5 KB)

  • Vassilis Prevelakis and Mohammad Hamad. Controlling Change via Policy Contracts. In Proceedings of the Internet of Things Software Update Workshop (IoTSU 2016). Dublin, Ireland, June 2016. Icon pdf (149.9 KB)
  • Koen Koning, Herbert Bos, Cristiano Giuffrida. Secure and Efficient Multi-variant Execution Using Hardware-assisted Process Virtualization. In Proceedings of the 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN '16). Toulouse, France, June 2016. Icon pdf (261.0 KB)
  • Koustubha Bhat, Dirk Vogt, Erik van der Kouwe, Ben Gras, Lionel Sambuc, Andrew S. Tanenbaum, Herbert Bos, and Cristiano Giuffrida. OSIRIS: Efficient and Consistent Recovery of Compartmentalized Operating Systems. In Proceedings of the 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN '16). Toulouse, France, June 2016. Icon pdf (240.2 KB)
  • Vector Erik Bosman, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida. Dedup Est Machina: Memory Deduplication as an Advanced Exploitation. In Proceeding of the 37th IEEE Symposium on Security and Privacy (S&P '16). San Jose, CA, USA, May 2016.
  • Victor van der Veen, Enes Goktas, Moritz Contag, Andre Pawlowski, Xi Chen, Sanjay Rawat, Herbert Bos, Thorsten Holz, Elias Athanasopoulos, and Cristiano Giuffrida. A Tough call: Mitigating Advanced Code-Reuse Attacks at the Binary Level. In Proceeding of the 37th IEEE Symposium on Security and Privacy (S&P '16). San Jose, CA, USA, May 2016. Icon pdf (530.7 KB)
  • Istvan Haller, Erik van der Kouwe, Cristiano Giuffrida, and Herbert Bos. METAlloc: Efficient and Comprehensive Metadata Management for Software Security Hardening. In Proceeding of the European Workshop on System Security (EuroSec '16). London, UK, April 2016.
  • Nick Christoulakis, George Christou, Elias Athanasopoulos and Sotiris Ioannidis. HCFI: Hardware-enforced Control-Flow Integrity. In proceedings of the 6th ACM Conference on Data and Applications Security and Privacy (CODASPY). New Orleans, LA, US, March 2016. Icon pdf (1.9 MB)

2015

  • Istvan Haller, Enes Göktaş, Elias Athanasopoulos, Georgios Portokalidis, and Herbert Bos. ShrinkWrap: VTable protection without loose ends. In proceedings of the 31st Annual Computer Security Applications Conference (ACSAC) (Best Student paper award). Los Angeles, CA, US, December 2015. Icon pdf (371.5 KB)
  • Dirk Vogt, Armando Miraglia, Georgios Portokalidis, Herbert Bos, Andrew S. Tanenbaum, and Cristiano Giuffrida. Speculative Memory Checkpointing. In proceedings of the ACM/IFIP/USENIX Middleware Conference. Vancouver, Canada, December 2015. Icon pdf (449.3 KB)
  • Elias Athanasopoulos, Martin Boehner, Sotiris Ioannidis, Cristiano Giurida, Dmitry Pidan, Vassilis Prevelakis, Ioannis Sourdis, Christos Strydis, John Thomson. SHARCS - Secure Hardware-Software Architectures for Robust Computing Systems. In proceedings of the 6th International Conference on e-Democracy. Athens, Greece. December 2015.
  • Victor van der Veen, Dennis Andriesse, Enes Goktas, Ben Gras, Lionel Sambuc, Asia Slowinska, Herbert Bos, and Cristiano Giuffrida. Practical Context-sensitive CFI. In proceedings of the ACM Conference on Computer and Communications Security (CCS). Denver, Colorado, US, October 2015. Icon pdf (353.0 KB)
  • Seepers R, Strydis C, Sourdis I, De Zeeuw C. Enhancing Heart-Beat-Based Security for mHealth Applications. IEEE Journal of Biomedical and Health Informatics, issue 99, October 2015.
  • Evangelos Ladakis, Giorgos Vasiliadis, Michalis Polychronakis, Sotiris Ioannidis, and Georgios Portokalidis. GPU-Disasm: A GPU-based x86 Disassembler. In proceedings of the 18th Information Security Conference (ISC). Trondheim, Norway, September 2015.  Icon pdf (498.8 KB)
  • Robert M. Seepers, Christos Strydis, Ioannis Sourdis and Chris I. De Zeeuw. On Using a Von Neumann Extractor in
    Heart-Beat-Based Security    . In proceedings of the 14th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-15). Helsinki, Finland, August 2015. Icon pdf (3.1 MB)
  • Elias Athanasopoulos, Martin Boehner, Cristiano Giuffrida, Dmitry Pidan, Vassilis Prevelakis, Ioannis Sourdis, Christos Strydis, John Thomson. Increasing the Trustworthiness of Embedded Applications. In Proceedings of the 8th International Conference on Trust & Trustworthy Computing (TRUST 2015). Heraklion, Crete, Greece, August 2015.

Articles

  • Marcel Caria, TU Braunschweig. Cyber-Physical Systems: Closing the Gap between Hardware and Software. ERCIM News No. 106 (Special Theme: Cybersecurity). July 2016 Icon pdf (1.1 MB)
  • Angelos Oikonomopoulos, Cristiano Giuffrida, Sanjay Rawat, Herbert Bos. Binary Rejuvenation: Applications and Challenges. IEEE Security & Privacy, vol.14, no. 1, pp. 68-71, Jan.-Feb. 2016, doi:10.1109/MSP.2016.20  Icon pdf (1.4 MB)
  • EU-funded research to create secure-by-design architectures. HiPEAC Info Newsletter, vol. 42, page 11.  Icon pdf (356.0 KB)
  • Uw hartslag als wachtwoord. Monitor, January 2016. (Dutch) Icon pdf (430.3 KB)
  • Using heartbeats to secure pacemaker communication. HorizonHealth.eu

Posters

  • Eirini Aikaterini Degkleri, Antonios A. Chariton, Panagiotis Ilia, Panagiotis Papadopoulos and Evangelos P. Markatos. Leveraging DNS for timely SSL Certificate Revocation. In 3rd ACM-W Europe Celebration of Women in Computing (womENcourage 2016). Linz, Austria, September 2016.