Skip to content

Latest commit

 

History

History
81 lines (75 loc) · 20.1 KB

readme.md

File metadata and controls

81 lines (75 loc) · 20.1 KB
Raw

Linux Security Papers

NOTE: Do NOT edit this file manually.

List of papers

# year venue title authors links
1 2000 ccs Operating system enhancements to prevent the misuse of system calls. Massimo Bernaschi, Emanuele Gabrielli, Luigi V. Mancini paper BernaschiGM00
2 2000 ndss User-Level Infrastructure for System Call Interposition - A Platform for Intrusion Detection and Confinement. K. Jain, R. Sekar paper JainS00
3 2000 usenix Safety Checking of Kernel Extensions. Craig Metz paper Metz00a
4 2003 ndss Traps and Pitfalls - Practical Problems in System Call Interposition Based Security Tools. Tal, Garfinkel paper Garfinkel03
5 2004 ndss Model Checking One Million Lines of C Code. Hao Chen 0003, Drew Dean, David A. Wagner 0001 paper ChenDW04
6 2004 ndss Ostia - A Delegating Architecture for Secure System Call Interposition. Tal Garfinkel, Ben Pfaff, Mendel Rosenblum paper GarfinkelPR04
7 2004 osdi Recovering Device Drivers (Awarded Best Paper!). Michael M. Swift, Muthukaruppan Annamalai, Brian N. Bershad, Henry M. Levy paper SwiftABL04
8 2004 usenix Trusted Path Execution for the Linux 2.6 Kernel as a Linux Security Module. Niki A. Rahimi paper Rahimi04
9 2004 uss Finding User/Kernel Pointer Bugs with Type Inference. Robert Johnson, David A. Wagner 0001 paper JohnsonW04
10 2005 ndss A Black-Box Tracing Technique to Identify Causes of Least-Privilege Incompatibilities. Shuo Chen, John Dunagan, Chad Verbowski, Yi-Min Wang paper ChenDVW05
11 2006 eurosys Thorough static analysis of device drivers. Thomas Ball, Ella Bounimova, Byron Cook, Vladimir Levin, Jakob Lichtenberg, Con McGarvey, Bohus Ondrusek, Sriram K. Rajamani, Abdullah Ustuner paper BallBCLLMORU06
12 2006 osdi XFI - Software Guards for System Address Spaces. Úlfar Erlingsson, Martín Abadi, Michael Vrable, Mihai Budiu, George C. Necula paper ErlingssonAVBN06
13 2007 ccs Automated detection of persistent kernel control-flow attacks. Nick L. Petroni Jr., Michael W. Hicks paper PetroniH07
14 2007 eurosys Sealing OS processes to improve dependability and safety. Galen C. Hunt, Mark Aiken, Manuel Fähndrich, Chris Hawblitzel, Orion Hodson, James R. Larus, Steven Levi, Bjarne Steensgaard, David Tarditi, Ted Wobber paper HuntAFHHLLSTW07
15 2007 sosp Information flow control for standard OS abstractions. Maxwell N. Krohn, Alexander Yip, Micah Z. Brodsky, Natan Cliffer, M. Frans Kaashoek, Eddie Kohler, Robert Tappan Morris paper KrohnYBCKKM07
16 2007 sp Usable Mandatory Integrity Protection for Operating Systems. Ninghui Li, Ziqing Mao, Hong Chen paper LiMC07
17 2007 sp Lurking in the Shadows - Identifying Systemic Threats to Kernel Data. Arati Baliga, Pandurang Kamat, Liviu Iftode paper BaligaKI07
18 2008 eurosys Manageable fine-grained information flow. Petros Efstathopoulos, Eddie Kohler paper EfstathopoulosK08
19 2008 sp Practical Proactive Integrity Preservation - A Basis for Malware Defense. Weiqing Sun, R. Sekar, Gaurav Poothia, Tejas Karandikar paper SunSPK08
20 2008 sp Verifying the Safety of User Pointer Dereferences. Suhabe Bugrara, Alex Aiken paper BugraraA08
21 2008 uss Real-World Buffer Overflow Protection for Userspace and Kernelspace. Michael Dalton, Hari Kannan, Christos Kozyrakis paper DaltonKK08
22 2009 ccs Mapping kernel objects to enable systematic integrity checking. Martim Carbone, Weidong Cui, Long Lu, Wenke Lee, Marcus Peinado, Xuxian Jiang paper CarboneCLLPJ09
23 2009 ccs Robust signatures for kernel data structures. Brendan Dolan-Gavitt, Abhinav Srivastava, Patrick Traynor, Jonathon T. Giffin paper Dolan-GavittSTG09
24 2009 eurosys Multi-aspect profiling of kernel rootkit behavior. Ryan Riley, Xuxian Jiang, Dongyan Xu paper RileyJX09
25 2009 ndss K-Tracer - A System for Extracting Kernel Malware Behavior. Andrea Lanzi, Monirul I. Sharif, Wenke Lee paper LanziSL09
26 2009 ndss Analyzing and Comparing the Protection Quality of Security Enhanced Operating Systems. Hong Chen, Ninghui Li, Ziqing Mao paper ChenLM09
27 2009 ndss IntScope - Automatically Detecting Integer Overflow Vulnerability in X86 Binary Using Symbolic Execution. Tielei Wang, Tao Wei, Zhiqiang Lin, Wei Zou paper WangWLZ09
28 2009 usenix Linux Kernel Developer Responses to Static Analysis Bug Reports. Philip J. Guo, Dawson R. Engler paper GuoE09
29 2009 uss Return-Oriented Rootkits - Bypassing Kernel Code Integrity Protection Mechanisms. Ralf Hund, Thorsten Holz, Felix C. Freiling paper HundHF09
30 2010 eurosys Defeating return-oriented rootkits with Return-Less kernels. Jinku Li, Zhi Wang 0004, Xuxian Jiang, Michael C. Grace, Sina Bahram paper LiWJGB10
31 2010 usenix Tolerating Malicious Device Drivers in Linux. Silas Boyd-Wickizer, Nickolai Zeldovich paper Boyd-WickizerZ10
32 2011 ndss Practical Protection of Kernel Integrity for Commodity OS from Untrusted Extensions. Xi Xiong, Donghai Tian, Peng Liu 0005 paper XiongTL11
33 2011 ndss Efficient Monitoring of Untrusted Kernel-Mode Execution. Abhinav Srivastava, Jonathon T. Giffin paper SrivastavaG11
34 2011 ndss SigGraph - Brute Force Scanning of Kernel Data Structure Instances Using Graph-based Signatures. Zhiqiang Lin, Junghwan Rhee, Xiangyu Zhang 0001, Dongyan Xu, Xuxian Jiang paper LinRZXJ11
35 2012 ndss Kruiser - Semi-synchronized Non-blocking Concurrent Kernel Heap Buffer Overflow Monitoring. Donghai Tian, Qiang Zeng 0001, Dinghao Wu, Peng Liu 0005, Changzhen Hu paper TianZW0H12
36 2012 osdi Improving Integer Security for Systems with KINT. Xi Wang 0005, Haogang Chen 0001, Zhihao Jia, Nickolai Zeldovich, M. Frans Kaashoek paper WangCJZK12
37 2012 sp Smashing the Gadgets - Hindering Return-Oriented Programming Using In-place Code Randomization. Vasilis Pappas, Michalis Polychronakis, Angelos D. Keromytis paper PappasPK12
38 2012 uss Enhanced Operating System Security Through Efficient and Fine-grained Address Space Randomization. Cristiano Giuffrida, Anton Kuijsten, Andrew S. Tanenbaum paper GiuffridaKT12
39 2013 eurosys Process firewalls - protecting processes during resource access. Hayawardh Vijayakumar, Joshua Schiffman, Trent Jaeger paper VijayakumarSJ13
40 2013 ndss Attack Surface Metrics and Automated Compile-Time OS Kernel Tailoring. Anil Kurmus, Reinhard Tartler, Daniela Dorneanu, Bernhard Heinloth, Valentin Rothberg, Andreas Ruprecht, Wolfgang Schröder-Preikschat, Daniel Lohmann, Rüdiger Kapitza paper KurmusTDHRRSLK13
41 2013 sp SoK - Eternal War in Memory. Laszlo Szekeres, Mathias Payer, Tao Wei, Dawn Song paper SzekeresPWS13
42 2013 sp Just-In-Time Code Reuse - On the Effectiveness of Fine-Grained Address Space Layout Randomization. Kevin Z. Snow, Fabian Monrose, Lucas Davi, Alexandra Dmitrienko, Christopher Liebchen, Ahmad-Reza Sadeghi paper SnowMDDLS13
43 2014 ccs A Tale of Two Kernels - Towards Ending Kernel Hardening Wars with Split Kernel. Anil Kurmus, Robby Zippel paper KurmusZ14
44 2014 ndss ROPecker - A Generic and Practical Approach For Defending Against ROP Attacks. Yueqiang Cheng, Zongwei Zhou, Miao Yu, Xuhua Ding, Robert H. Deng paper ChengZYDD14
45 2014 osdi Jitk - A Trustworthy In-Kernel Interpreter Infrastructure. Xi Wang 0005, David Lazar, Nickolai Zeldovich, Adam Chlipala, Zachary Tatlock paper WangLZCT14
46 2014 sp KCoFI - Complete Control-Flow Integrity for Commodity Operating System Kernels. John Criswell, Nathan Dautenhahn, Vikram S. Adve paper CriswellDA14
47 2014 sp Dancing with Giants - Wimpy Kernels for On-Demand Isolated I/O. Zongwei Zhou, Miao Yu, Virgil D. Gligor paper ZhouYG14
48 2014 usenix Static Analysis of Variability in System Software - The 90, 000 #ifdefs Issue. Reinhard Tartler, Christian Dietrich 0001, Julio Sincero, Wolfgang Schröder-Preikschat, Daniel Lohmann paper TartlerDSSL14
49 2015 ndss Preventing Use-after-free with Dangling Pointers Nullification. Byoungyoung Lee, Chengyu Song, Yeongjin Jang, Tielei Wang, Taesoo Kim, Long Lu, Wenke Lee paper LeeSJWKLL15
50 2016 ccs Prefetch Side-Channel Attacks - Bypassing SMAP and Kernel ASLR. Daniel Gruss, Clémentine Maurice, Anders Fogh, Moritz Lipp, Stefan Mangard paper GrussMFLM16
51 2016 ccs Breaking Kernel Address Space Layout Randomization with Intel TSX. Yeongjin Jang, Sangho Lee 0001, Taesoo Kim paper JangLK16
52 2016 ccs UniSan - Proactive Kernel Memory Initialization to Eliminate Data Leakages. Kangjie Lu, Chengyu Song, Taesoo Kim, Wenke Lee paper LuSKL16
53 2016 ndss Enforcing Kernel Security Invariants with Data Flow Integrity. Chengyu Song, Byoungyoung Lee, Kangjie Lu, William Harris, Taesoo Kim, Wenke Lee paper SongLLHKL16
54 2016 osdi Light-Weight Contexts - An OS Abstraction for Safety and Performance. James Litton, Anjo Vahldiek-Oberwagner, Eslam Elnikety, Deepak Garg 0001, Bobby Bhattacharjee, Peter Druschel paper LittonVE0BD16
55 2016 osdi EbbRT - A Framework for Building Per-Application Library Operating Systems. Dan Schatzberg, James Cadden, Han Dong, Orran Krieger, Jonathan Appavoo paper SchatzbergCDKA16
56 2017 ccs FreeGuard - A Faster Secure Heap Allocator. Sam Silvestro, Hongyu Liu, Corey Crosser, Zhiqiang Lin, Tongping Liu paper SilvestroLCLL17
57 2017 eurosys DangSan - Scalable Use-after-free Detection. Erik van der Kouwe, Vinod Nigade, Cristiano Giuffrida paper KouweNG17
58 2017 eurosys A Characterization of State Spill in Modern Operating Systems. Kevin Boos, Emilio Del Vecchio, Lin Zhong 0001 paper BoosVZ17
59 2017 eurosys kRX - Comprehensive Kernel Protection against Just-In-Time Code Reuse. Marios Pomonis, Theofilos Petsios, Angelos D. Keromytis, Michalis Polychronakis, Vasileios P. Kemerlis paper PomonisPKPK17
60 2017 ndss PT-Rand - Practical Mitigation of Data-only Attacks against Page Tables. Lucas Davi, David Gens, Christopher Liebchen, Ahmad-Reza Sadeghi paper DaviGLS17
61 2017 ndss Unleashing Use-Before-Initialization Vulnerabilities in the Linux Kernel Using Targeted Stack Spraying. Kangjie Lu, Marie-Therese Walter, David Pfaff, Stefan Nümberger, Wenke Lee, Michael Backes 0001 paper LuWPNL017
62 2017 sp NORAX - Enabling Execute-Only Memory for COTS Binaries on AArch64. Yaohui Chen, Dongli Zhang, Ruowen Wang, Rui Qiao, Ahmed M. Azab, Long Lu, Hayawardh Vijayakumar, Wenbo Shen paper ChenZWQALVS17
63 2017 usenix Lock-in-Pop - Securing Privileged Operating System Kernels by Keeping on the Beaten Path. Yiwen Li, Brendan Dolan-Gavitt, Sam Weber, Justin Cappos paper LiDWC17
64 2018 ndss K-Miner - Uncovering Memory Corruption in Linux. David Gens, Simon Schmitt, Lucas Davi, Ahmad-Reza Sadeghi paper GensSDS18
65 2018 sp Precise and Scalable Detection of Double-Fetch Bugs in OS Kernels. Meng Xu, Chenxiong Qian, Kangjie Lu, Michael Backes 0001, Taesoo Kim paper XuQL0K18
66 2019 sp LBM - A Security Framework for Peripherals within the Linux Kernel. Dave Jing Tian, Grant Hernandez, Joseph I. Choi, Vanessa Frost, Peter C. Johnson 0001, Kevin R. B. Butler paper TianHCFJB19
67 2019 sp SoK - Shining Light on Shadow Stacks. Nathan Burow, Xinping Zhang, Mathias Payer paper BurowZP19
68 2019 sp SoK - Sanitizing for Security. Dokyung Song, Julian Lettner, Prabhu Rajasekaran, Yeoul Na, Stijn Volckaert, Per Larsen, Michael Franz paper SongLRNVLF19
69 2019 usenix Effective Static Analysis of Concurrency Use-After-Free Bugs in Linux Device Drivers. Jia-Ju Bai, Julia Lawall, Qiu-Liang Chen, Shi-Min Hu 0001 paper BaiLCH19
70 2019 usenix LXDs - Towards Isolation of Kernel Subsystems. Vikram Narayanan, Abhiram Balasubramanian, Charlie Jacobsen, Sarah Spall, Scotty Bauer, Michael Quigley, Aftab Hussain, Abdullah Younis, Junjie Shen, Moinak Bhattacharyya, Anton Burtsev paper NarayananBJSBQH19