nebelwelt.net logo

Journal and Magazine Publications

Control-Flow Integrity: Protection, Security, and Performance
Nathan Burow, Scott A. Carr, Joseph Nash, Per Larsen, Michael Franz, Stefan Brunthaler, and Mathias Payer.
In CSUR'17: ACM Computing Surveys, 2017

Automatic Contract Insertion with CCBot
Scott A. Carr, Francesco Logozzo, and Mathias Payer.
In TSE'16: IEEE Transactions on Software Engineering, 2016 (DOI, source)

Creating Complex Congestion Patterns via Multi-objective Optimal Freeway Traffic Control with Application to Cyber-Security
Jack Reilly, Sebastien Martin, Mathias Payer, and Alexandre M. Bayen.
In TRB'16: Elsevier Transportation Research Part B: Methodological, 2016 (DOI)

What You Submit is Who You Are: A Multi-Modal Approach for Deanonymizing Scientific Publications
Mathias Payer, Ling Huang, Neil Zhenqiang Gong, Kevin Borgolte, and Mario Frank.
In TIFS'14: IEEE Transactions on Information Forensics and Security, 2014 (DOI)

Eternal War in Memory
Laszlo Szekeres, Mathias Payer, Tao Wei, and R. Sekar.
In SP'14: IEEE Security and Privacy Magazine, Vol. 12, No. 3, May 2014, 2014 (DOI)

Conference Proceedings

Protecting Bare-metal Embedded Systems with Privilege Overlays (to appear)
Abraham A Clements, Naif Saleh Almakhdhub, Khaled Saab, Prashast Srivastava, Jinkyu Koo, Saurabh Bagchi, and Mathias Payer.
In Oakland'17: IEEE International Symposium on Security and Privacy, 2017

One Process to Reap Them All: Garbage Collection As A Service (to appear)
Ahmed Hussein, Mathias Payer, Antony L. Hosking, and Christopher A. Vick.
In VEE'17: ACM International Conference on Virtual Execution Environments, 2017

DataShield: Configurable Data Confidentiality and Integrity
Scott A. Carr, and Mathias Payer.
In AsiaCCS'17: ACM Symp. on InformAtion, Computer and Communications Security, 2017 (DOI, source)

Memory Safety for Embedded Devices with nesCheck
Daniele Midi, Mathias Payer, and Elisa Bertino.
In AsiaCCS'17: ACM Symp. on InformAtion, Computer and Communications Security, 2017 (DOI, source)

REV.NG: A Unified Binary Analysis Framework for CFG and Function Boundaries Recovery
Alessandro Di Federico, Mathias Payer, and Giovanni Agosta.
In CC'17: International Conference on Compiler Construction, 2017 (DOI, source)

An Evil Copy: How the Loader Betrays You
Xinyang Ge, Mathias Payer, and Trent Jaeger.
In NDSS'17: Network and Distributed System Security Symposium, 2017 (DOI)

Enforcing Least Privilege Memory Views for Multithreaded Applications
Terry Ching-Hsiang Hsu, Kevin Hoffman, Patrick Eugster, and Mathias Payer.
In CCS'16: ACM Conf on Computer and Communication Security, 2016 (DOI, source)

TypeSanitizer: Practical Type Confusion Detection
Istvan Haller, Yuseok Jeon, Hui Peng, Mathias Payer, Herbert Bos, Cristiano Giuffrida, and Erik van der Kouwe.
In CCS'16: ACM Conf on Computer and Communication Security, 2016 (DOI, source)

Forgery-Resistant Touch-based Authentication on Mobile Devices
Neil Zhenqiang Gong, Mathias Payer, Reza Moazzezi, and Mario Frank.
In AsiaCCS'16: ACM Symp. on InformAtion, Computer and Communications Security, 2016 (presentation, DOI)

HexPADS: a platform to detect "stealth" attacks
Mathias Payer.
In ESSoS'16: Int'l. Symp. on Eng. Secure Software and Systems, 2016 (presentation, artifact evaluation award, source, DOI)

VTrust: Regaining Trust on Your Virtual Calls
Chao Zhang, Scott A. Carr, Tongxin Li, Yu Ding, Chengyu Song, Mathias Payer, and Dawn Song.
In NDSS'16: Network and Distributed System Security Symposium, 2016 (DOI)

Fine-Grained Control-Flow Integrity for Kernel Software
Xinyang Ge, Nirupama Talele, Mathias Payer, and Trent Jaeger.
In EuroS&P'16: IEEE European Symposium on Security and Privacy, 2016 (DOI)

Control-Flow Bending: On the Effectiveness of Control-Flow Integrity
Nicholas Carlini, Antonio Barresi, Mathias Payer, David Wagner, and Thomas R. Gross.
In SEC'15: 24th Usenix Security Symposium, 2015 (source)

Fine-Grained Control-Flow Integrity through Binary Hardening
Mathias Payer, Antonio Barresi, and Thomas R. Gross.
In DIMVA'15: 12th Conference on Detection of Intrusions and Malware and Vulnerability Assessment, 2015 (presentation, DOI)

Don't Race the Memory Bus: Taming the GC Leadfoot
Ahmed Hussein, Antony L. Hosking, Mathias Payer, and Christopher A. Vick.
In ISMM'15: ACM SIGPLAN International Symposium on Memory Management, 2015 (DOI)

Impact of GC Design on Power and Performance for Android
Ahmed Hussein, Mathias Payer, Antony L. Hosking, and Christopher A. Vick.
In SYSTOR'15: 8th ACM International Systems and Storage Conference, 2015 (DOI)

On Cybersecurity of Freeway Control Systems: Analysis of Coordinated Ramp Metering Attacks
Jack Reilly, Sebastien Martin, Mathias Payer, and Alexandre Bayen.
In TRB'14: Transportation Research Board, 2014

Code-Pointer Integrity
Volodymyr Kuznetsov, Laszlo Szekeres, Mathias Payer, George Candea, Dawn Song, and R. Sekar.
In OSDI'14: 11th Usenix Symposium on Operating Systems Design and Implementation, 2014 (source)

The Matter of Heartbleed
Zakir Durumeric, James Kasten, Frank Li, Nicolas Weaver, Vern Paxson, Michael Bailey, J. Alex Halderman, Jethro Beekman, Johanna Amann, Mathias Payer, and David Adrian.
In IMC'14: ACM Internet Measurement Conference, 2014 (best paper award, DOI)

JIGSAW: Protecting Resource Access by Inferring Programmer Intentions
Hayawardh Vijayakumar, Xinyang Ge, Mathias Payer, and Trent Jaeger.
In SEC'14: 23rd Usenix Security Symposium, 2014

HI-CFG: Construction by Binary Analysis, and Application to Attack Polymorphism
Dan Caselden, Alex Bazhanyuk, Mathias Payer, Stephen McCamant, and Dawn Song.
In ESORICS'13: European Symposium on Research in Computer Security, 2013 (presentation, source, DOI)

Hot-Patching a Web Server: a Case Study of ASAP Code Repair
Mathias Payer, and Thomas R. Gross.
In PST'13: IEEE Conference on Privacy, Security, and Trust, 2013 (presentation, best paper award, DOI)

Lightweight Memory Tracing
Mathias Payer, Enrico Kravina, and Thomas R. Gross.
In ATC'13: Usenix Annual Technical Conference, 2013 (presentation, source)

SoK: Eternal war in memory
Laszlo Szekeres, Mathias Payer, Tao Wei, and Dawn Song.
In Oakland'13: IEEE International Symposium on Security and Privacy, 2013 (DOI)

Protecting Applications Against TOCTTOU Races by User-Space Caching of File Metadata
Mathias Payer, and Thomas R. Gross.
In VEE'12: ACM International Conference on Virtual Execution Environments, 2012 (presentation, source, DOI)

Safe Loading - A Foundation for Secure Execution of Untrusted Programs
Mathias Payer, Tobias Hartmann, and Thomas R. Gross.
In Oakland'12: IEEE International Symposium on Security and Privacy, 2012 (presentation, source, DOI)

Fine-grained user-space security through virtualization
Mathias Payer, and Thomas R. Gross.
In VEE'11: ACM International Conference on Virtual Execution Environments, 2011 (presentation, source, DOI)

Performance evaluation of adaptivity in software transactional memory
Mathias Payer, and Thomas R. Gross.
In ISPASS'11: International Symposium on Performance Analysis of Systems and Software, 2011 (presentation, source, DOI)

Generating low-overhead dynamic binary translators
Mathias Payer, and Thomas R. Gross.
In SYSTOR'10: 4th ACM International Systems and Storage Conference, 2010 (presentation, source, DOI)

Online optimization driven by hardware performance monitoring
Florian T. Schneider, Mathias Payer, and Thomas R. Gross.
In PLDI'07: ACM International Conference on Programming Language Design and Implementation, 2007 (DOI)

Workshop Proceedings

libdetox: A Framework for Online Program Transformation
Mathias Payer.
In FEAST'16: Forming an Ecosystem Around Software Transformation, 2016

PSHAPE: Automatically Combining Gadgets for Arbitrary Method Execution
Andreas Follner, Alexandre Bartel, Hui Peng, Yu-Chen Chang, Kyriakos Ispoglou, Mathias Payer, and Eric Bodden.
In STM'16: 12th International Workshop on Security and Trust Management, 2016 (DOI)

malWASH: Washing malware to evade dynamic analysis
Kyriakos Ispoglou, and Mathias Payer.
In WOOT'16: 10th Usenix Workshop on Offensive Technologies, 2016

CAIN: Silently Breaking ASLR in the Cloud
Antonio Barresi, Kaveh Razavi, Mathias Payer, and Thomas R. Gross.
In WOOT'15: 9th Usenix Workshop on Offensive Technologies, 2015 (advisory, blog post)

The Correctness-Security Gap in Compiler Optimization
Vijay D'Silva, Mathias Payer, and Dawn Song.
In LangSec'15: 2nd Language-theoretic Security IEEE Security and Privacy Workshop, 2015 (presentation, best paper award, DOI)

DynSec: On-the-fly Code Rewriting and Repair
Mathias Payer, Boris Bluntschli, and Thomas R. Gross.
In HotSWUp'13: 5th Usenix Workshop on Hot Topics in Software Upgrades, 2013 (presentation)

String Oriented Programming: When ASLR is Not Enough
Mathias Payer, and Thomas R. Gross.
In PPREW'13: Program Protection and Reverse Engineering Workshop, 2013 (presentation, DOI)

LLDSAL: A Low-Level Domain-Specific Aspect Language for Dynamic Code-Generation and Program Modification
Mathias Payer, Boris Bluntschli, and Thomas R. Gross.
In DSAL'12: 7th AOSD workshop on Domain-Specific Aspect Languages, 2012 (presentation, DOI)

Requirements for Fast Binary Translation
Mathias Payer, and Thomas R. Gross.
In AMAS-BT'09: 2nd Workshop on Architectural and Microarchitectural Support for Binary Translation, 2009 (presentation, source)

Technical Reports and Hacker Conferences

Memory Corruption: Why We Can't Have Nice Things
Mathias Payer.
In BalCCon'16: 4th Balkan Computer Congress, 2016 (presentation, source)

New memory corruption attacks: why can't we have nice things?
Mathias Payer.
In 32c3'15: 32th Chaos Communication Congress, 2015 (presentation, source, talk)

Silently Breaking ASLR in the Cloud
Antonio Barresi, Kaveh Razavi, Mathias Payer, and Thomas R. Gross.
In BHEU'15: BlackHat Europe, 2015 (presentation)

Code-Pointer Integrity
Mathias Payer.
In 31c3'14: 31th Chaos Communication Congress, 2014 (presentation, talk)

Similarity-based matching meets Malware Diversity
Mathias Payer, Stephen Crane, Per Larsen, Stefan Brunthaler, Richard Wartell, and Michael Franz.
In TR'14: arXiv Technical Report, 2014 (arXiv Technical Report 2014)

Lockdown: Dynamic Control-Flow Integrity
Mathias Payer, Antonio Barresi, and Thomas R. Gross.
In TR'14: ETH Zurich Technical Report 2014, 2014 (DOI)

Embracing the New Threat: Towards Automatically Self-Diversifying Malware
Mathias Payer.
In SyScan'14: Symposium on Security for Asia Network, 2014 (presentation, source, first blog post, second blog post)

WarGames in Memory
Mathias Payer.
In 30c3'13: 30th Chaos Communication Congress, 2013 (presentation, talk)

Triggering Deep Vulnerabilities Using Symbolic Execution
Mathias Payer.
In 30c3'13: 30th Chaos Communication Congress, 2013 (presentation, talk, blog post)

Transformation-Aware Symbolic Execution for System Test Generation
Stephen McCamant, Mathias Payer, Dan Caselden, Alex Bazhanyuk, and Dawn Song.
In TR'13: University of California Berkeley Technical Report, Technical Report No. UCB/EECS-2013-125, 2013

Transformation-aware Exploit Generation using a HI-CFG
Dan Caselden, Alex Bazhanyuk, Mathias Payer, Stephen McCamant, and Dawn Song.
In TR'13: University of California Berkeley Technical Report, Technical Report No. UCB/EECS-2013-85, 2013

Too much PIE is bad for performance
Mathias Payer.
In TR'12: ETH Zurich Technical Report, 2012

String Oriented Programming - Circumventing ASLR, DEP, and Other Guards
Mathias Payer.
In 28c3'11: 28th Chaos Communication Congress, 2011 (presentation, talk)

I Control Your Code - Attack Vectors Through the Exes of Software-based Fault Isolation
Mathias Payer.
In 27c3'10: 27th Chaos Communication Congress, 2010 (presentation, talk)

adaptSTM - An Online Fine-Grained Adaptive STM System
Mathias Payer, and Thomas R. Gross.
In TR'10: ETH Zurich Technical Report, 2010 (source)

secuBT: Hacking the Hackers with User-Space Virtualization
Mathias Payer.
In 26c3'09: 26th Chaos Communication Congress, 2009 (presentation, talk, source)

Theses

Safe Loading and Efficient Runtime Confinement: A Foundation for Secure Execution
Mathias Payer.
In ETH Zurich Dr. sc. Thesis, 2012

Adaptive Optimization Using Hardware Performance Monitors
Mathias Payer.
In ETH Zurich Master Thesis, 2006 (presentation)

Building a client/server multimedia-kiosk using pxe, root-over-nfs, mozilla, and a CMS a.k.a. Multimedia Kiosk revisited
Mathias Payer.
In ETH Zurich Term project report, 2005

Implementation of a Bluetooth Stack for BTnodes and Nut/OS Version 0.9
Mathias Payer.
In ETH Zurich Term project report, 2004