Veröffentlichungen

kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels

2017 - Sergej Schumilo, Cornelius Aschermann, Robert Gawlik, Sebastian Schinzel, Thorsten Holz

26th USENIX Security Symposium, Vancouver, Canada, August 2017 [PDF]

Reverse Engineering x86 Processor Microcode

2017 - Philipp Koppe, Benjamin Kollenda, Marc Fyrbiak, Christian Kison, Robert Gawlik, Chris­tof Paar, Thorsten Holz

26th USENIX Security Symposium, Vancouver, Canada, August 2017 [PDF]

Syntia: Synthesizing the Semantics of Obfuscated Code

2017 - Tim Blazytko, Moritz Contag, Cornelius Aschermann, Thorsten Holz

26th USENIX Security Symposium, Vancouver, Canada, August 2017 [PDF]

Towards Automated Discovery of Crash-Resistant Primitives in Binaries

2017 - Benjamin Kollenda, Enes Goktas, Tim Blazytko, Philipp Koppe, Robert Gawlik, R.K. Konoth, Cristiano Giuffrida, Herbert Bo, Thorsten Holz

IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) [PDF]

How They Did It: An Analysis of Emission Defeat Devices in Modern Automobiles

2017 - Moritz Contag, Guo Li, Andre Pawlowski, Felix Domke, Kirill Levchenko, Thorsten Holz, Stefan Savage

IEEE Symposium on Security and Privacy ("Oakland"), San Jose, CA, May 2017 [PDF]

MARX: Uncovering Class Hierarchies in C++ Programs

2017 - Andre Pawlowski, Moritz Contag, Victor van der Veen, Chris Ouwehand, Thorsten Holz, Herbert Bos, Elias Athanasopoulos, Cristiano Giuffrida

Symposium on Network and Distributed System Security (NDSS), San Diego, California, USA, February 2017 [PDF]

Toward Improved Audio CAPTCHAs Based on Auditory Perception and Language Understanding

2017 - Hendrik Meutzner, Santosh Gupta, Viet-Hung Nguyen, Thorsten Holz, Do­ro­thea Kolossa

ACM Transactions on Privacy and Security (TOPS), Volume 19, Issue 4, February 2017

May the Force be with You: The Future of Force-Sensitive Authentication

2017 - Katharina Krombholz, Thomas Hupperich, Thorsten Holz

Journal of Internet Computing, Special Issue of Usable Security and Privacy, 2017 [pdf]

EvilCoder: Automated Bug Insertion

2016 - Jannik Pewny, Thorsten Holz

Annual Computer Security Applications Conference (ACSAC), Los Angeles, California, USA, December 2016 [PDF]

Automated Multi-Architectural Discovery of CFI-Resistant Code Gadgets

2016 - Patrick Wollgast, Robert Gawlik, Behrad Garmany, Benjamin Kollenda, Thorsten Holz

European Symposium on Research in Computer Security (ESORICS), Heraklion, Greece, September 2016 [pdf]

On the Feasibility of TTL-based Filtering for DRDoS Mitigation

2016 - Michael Backes, Thorsten Holz, Christian Rossow, Teemu Rytilahti, Milivoj Simeonovski, Ben Stock

International Symposium on Research in Attacks, Intrusions and Defenses (RAID), Evry, France, September 2016 [PDF]

Sensor Captchas: On the Usability of Instrumenting Hardware Sensors to Prove Liveliness

2016 - Thomas Hupperich, Kromholz Katharina, Thorsten Holz

9th International Conference on Trust & Trustworthy Computing (TRUST), Vienna, Austria, August 2016 [pdf]

Undermining Entropy-based Information Hiding (And What to do About it)

2016 - Enes Göktas, Robert Gawlik, Benjamin Kollenda, Elias Athanasopoulos, Georgios Portokalidis, Cristiano Giuffrida, Herbert Bos

24th USENIX Security Symposium, Austin, TX, USA, August 2016 [PDF]

Technical Report: Evaluating Analysis Tools for Android Apps: Status Quo and Robustness Against Obfuscation

2016 - Johannes Hoffmann, Teemu Rytilahti, Davide Maiorca, Marcel Winandy, Giorgio Giacinto, Thorsten Holz

TR-HGI-2016-003, Ruhr-Uni­ver­si­tät Bo­chum, Horst Görtz In­sti­tut für IT-Si­cher­heit (HGI), August 2016 [pdf]

Technical Report: Detile: Fine-Grained Information Leak Detection in Script Engines

2016 - Robert Gawlik, Philipp Koppe, Benjamin Kollenda, Andre Pawlowski, Behrad Garmany, Thorsten Holz

TR-HGI-2016-004, Ruhr-Uni­ver­si­tät Bo­chum, Horst Görtz In­sti­tut für IT-Si­cher­heit (HGI), July 2016 [PDF]

Detile: Fine-Grained Information Leak Detection in Script Engines

2016 - Robert Gawlik, Philipp Koppe, Benjamin Kollenda, Andre Pawlowski, Behrad Garmany, Thorsten Holz

Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Donostia-San Sebastián, Spain, July 2016 [PDF]

Leveraging Sensor Fingerprinting for Mobile Device Authentication

2016 - Thomas Hupperich, Henry Hosseini, Thorsten Holz

Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Donostia-San Sebastián, Spain, July 2016 [pdf]

Probfuscation: An Obfuscation Approach using Probabilistic Control Flows

2016 - Andre Pawlowski, Moritz Contag, Thorsten Holz

Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Donostia-San Sebastián, Spain, July 2016 [PDF]

Technical Report: Probfuscation: An Obfuscation Approach using Probabilistic Control Flows

2016 - Andre Pawlowski, Moritz Contag, Thorsten Holz

TR-HGI-2016-002, Ruhr-Uni­ver­si­tät Bo­chum, Horst Görtz In­sti­tut für IT-Si­cher­heit (HGI), July 2016 [PDF]

Use the Force: Evaluating Force-Sensitive Authentication for Mobile Devices

2016 - Katharina Krombholz, Thomas Hupperich, Thorsten Holz

Twelfth Symposium on Usable Privacy and Security (SOUPS 2016), Denver, USA, June 2016 [PDF]

Subversive-C: Abusing and Protecting Dynamic Message Dispatch

2016 - Julian Lettner, Benjamin Kollenda, Andrei Homescu, Per Larsen, Felix Schuster, Lucas Davi, Ahmad-Reza Sadeghi, Thorsten Holz, Michael Franz

2016 USENIX Annual Technical Conference (USENIX ATC '16), Denver, USA, June 2016 [PDF]

SkypeLine: Robust Hidden Data Transmission for VoIP

2016 - Katharina Kohls, Thorsten Holz, Do­ro­thea Kolossa, Christina Pöpper

ACM Symposium on InformAtion, Computer and Communications Security (ASIACCS), Xi'an, May 2016 [PDF]

A Tough call: Mitigating Advanced Code-Reuse Attacks At The Binary Level

2016 - Victor van der Veen, Enes Goktas, Moritz Contag, Andre Pawlowski, Xi Chen, Sanjay Rawat, Herbert Bos, Thorsten Holz, Elias Athanasopoulos, Cristiano Giuffrida

IEEE Symposium on Security and Privacy ("Oakland"), San Jose, CA, May 2016 [PDF]

Interdiction in Practice – Hardware Trojan Against a High-Security USB Flash Drive

2016 - Pawel Swierczynski, Marc Fyrbiak, Philipp Koppe, Amir Moradi, Chris­tof Paar

Journal of Cryptographic Engineering, Springer, June 2016. [DOI] [pdf]

No Honor Among Thieves: A Large-Scale Analysis of Malicious Web Shells

2016 - Oleksii Starov, Johannes Dahse, Syed Sharique Ahmad, Thorsten Holz, Nick Nikiforakis

25th International World Wide Web Conference (WWW), Montreal, April 2016 [PDF]

SDN Malware: Problems of Current Protection Systems and Potential Countermeasures

2016 - Christian Röpke

GI Sicherheit, Bonn, Germany, 2016 (Best Paper Award)

Poster: Automated, Context-Sensitive Analysis of iOS Applications

2016 - Dennis Tatang

1st IEEE European Symposium on Security and Privacy (Euro S&P 2016), Saarbrücken, Germany

Poster: The Curious Case of NTP Monlist

2016 - Teemu Rytilahti, Thorsten Holz

1st IEEE European Symposium on Security and Privacy (Euro S&P 2016), Saarbrücken, Germany [pdf]

How Secure is TextSecure?

2016 - Tilman Frosch, Christian Mainka, Christoph Bader, Florian Bergsma, Jörg Schwenk, Thorsten Holz

IEEE European Symposium on Security and Privacy (EuroS&P 2016) [PDF]

Neuralyzer: Flexible Expiration Times for the Revocation of Online Data

2016 - Apostolis Zarras, Katharina Kohls, Markus Dürmuth, Christina Pöpper

In Proceedings of the ACM Conference on Data and Application Security and Privacy (ACM CODASPY) 2016 *** OUTSTANDING PAPER AWARD *** [PDF]

Poster: Evaluating Analysis Tools for Android Apps: Status Quo and Robustness Against Obfuscation

2016 - Johannes Hoffmann, Teemu Rytilahti, Davide Maiorca, Marcel Winandy, Giorgio Giacinto, Thorsten Holz

Pro­cee­dings of the ACM Con­fe­rence on Data and Ap­p­li­ca­ti­on Se­cu­ri­ty and Pri­va­cy (ACM CO­DAS­PY) 2016

Technical Report: SkypeLine Robust Hidden Data Transmission for VoIP

2016 - Katharina Kohls, Thorsten Holz, Do­ro­thea Kolossa, Christina Pöpper

TR-HGI-2016-001, Ruhr-Uni­ver­si­tät Bo­chum, Horst Görtz In­sti­tut für IT-Si­cher­heit (HGI), February 2016 [PDF]

Enabling Client-Side Crash-Resistance to Overcome Diversification and Information Hiding

2016 - Robert Gawlik, Benjamin Kollenda, Philipp Koppe, Behrad Garmany, Thorsten Holz

An­nual Net­work & Di­stri­bu­ted Sys­tem Se­cu­ri­ty Sym­po­si­um (NDSS), San Diego, Fe­bru­ary 2016 [PDF]

On Network Operating System Security

2016 - Christian Röpke, Thorsten Holz

International Journal of Network Management (IJNM) - Special Issue on Software-Defined Networking and Network Function Virtualization for Flexible Network Management, 2016

Technical Report: On the Effectiveness of Fingerprinting Mobile Devices

2015 - Thomas Hupperich, Davide Maiorca, Marc Kührer, Thorsten Holz, Giorgio Giacinto

TR-HGI-2015-002, Ruhr-Uni­ver­si­tät Bo­chum, Horst Görtz In­sti­tut für IT-Si­cher­heit (HGI), December 2015 [PDF]

On the Robustness of Mobile Device Fingerprinting

2015 - Thomas Hupperich, Davide Maiorca, Marc Kührer, Thorsten Holz, Giorgio Giacinto

31th Annual Computer Security Applications Conference (ACSAC), Los Angeles, USA, December 2015 [PDF]

Security Analysis of PHP Bytecode Protection Mechanisms

2015 - Dario Weißer, Johannes Dahse, Thorsten Holz

Research in Attacks, Intrusions and Defenses (RAID) Symposium, Kyoto, Japan, November 2015 [PDF]

SDN Rootkits: Subverting Network Operating Systems of Software-Defined Networks

2015 - Christian Röpke, Thorsten Holz

Research in Attacks, Intrusions and Defenses (RAID) Symposium, Kyoto, Japan, November 2015 [PDF]

Going Wild: Large-Scale Classification of Open DNS Resolvers

2015 - Marc Kührer, Thomas Hupperich, Jonas Bushart, Christian Rossow, Thorsten Holz

15th ACM In­ter­net Me­a­su­re­ment Con­fe­rence (IMC), Tokyo, Japan, Oc­to­ber 2015 [PDF]

Multi-Layer Access Control for SDN-based Telco Clouds

2015 - Bernd Jäger, Christian Röpke, Iris Adam, Thorsten Holz

Nordic Conference on Secure IT System (NordSec), Stockholm, Sweden, October 2015 [PDF]

It's a TRAP: Table Randomization and Protection against Function Reuse Attacks

2015 - Stephen Crane, Stijn Volckaert, Felix Schuster, Christopher Liebchen, Per Larsen, Lucas Davi, Ahmad-Reza Sadeghi, Thorsten Holz, Bjorn De Sutter, Michael Franz

22nd ACM Conference on Computer and Communications Security (CCS), Denver, October 2015 [PDF]

On Locational Privacy in the Absence of Anonymous Payments

2015 - Tilman Frosch, Sven Schäge, Martin Goll, Thorsten Holz

Gutwirth, S., Leenes R., P. De Hert and Y. Poullet, Data protection on the Move. Current Developments in ICT and Privacy/Data Protection. Springer (forthcoming, 2015), Dordrecht. [pdf]

Revealing the Relationship Network Behind Link Spam

2015 - Apostolis Zarras, Antonis Papadogiannakis, Sotiris Ioannidis, Thorsten Holz

13th Annual Conference on Privacy, Security and Trust (PST), Izmir, Turkey, July 2015 [PDF]

Experience Report: An Empirical Study of PHP Security Mechanism Usage

2015 - Johannes Dahse, Thorsten Holz

International Symposium on Software Testing and Analysis (ISSTA) [PDF]

Counterfeit Object-oriented Programming: On the Difficulty of Preventing Code Reuse Attacks in C++ Applications

2015 - Felix Schuster, Thomas Tendyck, Christopher Liebchen, Lucas Davi, Ahmad-Reza Sadeghi, Thorsten Holz

36th IEEE Symposium on Security and Privacy (Oakland), San Jose, May 2015 [PDF]

Cross-Architecture Bug Search in Binary Executables

2015 - Jannik Pewny, Behrad Garmany, Robert Gawlik, Christian Rossow, Thorsten Holz

36th IEEE Symposium on Security and Privacy (Oakland), San Jose, May 2015 [PDF]

VC3: Trustworthy Data Analytics in the Cloud using SGX

2015 - Felix Schuster, Manuel Costa, Cédric Fournet, Christos Gkantsidis, Marcus Peinado, Gloria Mainar-Ruiz , Mark Russinovich

36th IEEE Symposium on Security and Privacy (Oakland), San Jose, May 2015 [PDF]

A Practical Investigation of Identity Theft Vulnerabilities in Eduroam

2015 - Sebastian Brenza, Andre Pawlowski, Christina Pöpper

In Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (ACM WiSec), 2015 [Project Webpage] [PDF]

Retaining Control over SDN Network Services

2015 - Christian Röpke, Thorsten Holz

International Conference on Networked Systems (NetSys), 2015

FPGA Trojans through Detecting and Weakening of Cryptographic Primitives

2015 - Pawel Swierczynski, Marc Fyrbiak, Philipp Koppe, Chris­tof Paar

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, Volume PP Issue 99, February 2015. [DOI] [pdf]

Tactile One-Time Pad: Leakage-Resilient Authentication for Smartphones

2015 - Sebastian Uellenbeck, Thomas Hupperich, Christopher Wolf, Thorsten Holz

Financial Cryptography and Data Security 2015 [pdf]

VC3: Trustworthy Data Analytics in the Cloud

2014 - Felix Schuster, Manuel Costa, Cédric Fournet, Christos Gkantsidis, Marcus Peinado, Gloria Mainar-Ruiz, Mark Russinovich

MSR-TR-2014-39, Microsoft Research, December 2014 [Microsoft Research]

Technical Report: Towards Automated Integrity Protection of C++ Virtual Function Tables in Binary Programs

2014 - Robert Gawlik, Thorsten Holz

TR-HGI-2014-004, Ruhr-Uni­ver­si­tät Bo­chum, Horst Görtz In­sti­tut für IT-Si­cher­heit (HGI), December 2014 [PDF]

Leveraging Semantic Signatures for Bug Search in Binary Programs

2014 - Jannik Pewny, Felix Schuster, Lukas Bernhard, Christian Rossow, Thorsten Holz

An­nual Com­pu­ter Se­cu­ri­ty Ap­p­li­ca­ti­ons Con­fe­rence (ACSAC), New Or­leans, USA, De­cem­ber 2014 [PDF]

Towards Automated Integrity Protection of C++ Virtual Function Tables in Binary Programs

2014 - Robert Gawlik, Thorsten Holz

An­nual Com­pu­ter Se­cu­ri­ty Ap­p­li­ca­ti­ons Con­fe­rence (ACSAC), New Or­leans, USA, De­cem­ber 2014 [PDF]

Using Automatic Speech Recognition for Attacking Acoustic CAPTCHAs: The Trade-off between Usability and Security

2014 - Hendrik Meutzner, Viet Hung Nguyen, Thorsten Holz, Do­ro­thea Kolossa

An­nual Com­pu­ter Se­cu­ri­ty Ap­p­li­ca­ti­ons Con­fe­rence (ACSAC), New Or­leans, USA, De­cem­ber 2014 - ** Outstanding Paper Award ** [PDF]

The Dark Alleys of Madison Avenue: Understanding Malicious Advertisements

2014 - Apostolis Zarras, Alexandros Kapravelos, Gianluca Stringhini, Thorsten Holz, Christopher Kruegel, Giovanni Vigna

14th ACM SIGCOMM Internet Measurement Conference (IMC), Vancouver, Canada, November 2014 [PDF]

Code Reuse Attacks in PHP: Automated POP Chain Generation

2014 - Johannes Dahse, Nikolai Krein, Thorsten Holz

21st ACM Conference on Computer and Communications Security (CCS), Scottsdale, Arizona, USA, November 2014 - ** Best Student Paper Award ** [PDF]

You Can Run but You Can’t Read: Preventing Disclosure Exploits in Executable Code

2014 - Michael Backes, Thorsten Holz, Benjamin Kollenda, Philipp Koppe, Stefan Nürnberger, Jannik Pewny

21st ACM Conference on Computer and Communications Security (CCS), Scottsdale, Arizona, USA, November 2014 [PDF]

How Secure is TextSecure?

2014 - Tilman Frosch, Christian Mainka, Christoph Bader, Florian Bergsma, Jörg Schwenk, Thorsten Holz

Cryptology ePrint Archive, Report 2014/904, 31 Oct 2014 [pdf]

The Art of False Alarms in the Game of Deception: Leveraging Fake Honeypots for Enhanced Security

2014 - Apostolis Zarras

48th IEEE International Carnahan Conference on Security Technology (ICCST), Rome, Italy, October 2014 [PDF]

CloudSylla: Detecting Suspicious System Calls in the Cloud

2014 - Marc Kührer, Johannes Hoffmann, Thorsten Holz

16th International Symposium on Stabilization, Safety, and Security of Distributed Systems (SSS), Paderborn, Germany, September 2014 [PDF]

Evaluating the Effectiveness of Current Anti-ROP Defenses

2014 - Felix Schuster, Thomas Tendyck, Jannik Pewny, Andreas Maaß, Martin Steegmanns, Moritz Contag, Thorsten Holz

Re­se­arch in At­tacks, In­tru­si­ons and De­fen­ses (RAID) Sym­po­si­um, Gothenburg, Sweden, September 2014 [PDF]

Paint it Black: Evaluating the Effectiveness of Malware Blacklists

2014 - Marc Kührer, Christian Rossow, Thorsten Holz

Re­se­arch in At­tacks, In­tru­si­ons and De­fen­ses (RAID) Sym­po­si­um, Gothenburg, Sweden, September 2014 [PDF]

Tac­tile One-Ti­me Pad. Smart­pho­ne Au­then­ti­fi­ca­ti­on. Resi­li­ent Against Shoul­der Sur­fing

2014 - Sebastian Uellenbeck, Thomas Hupperich, Christopher Wolf, Thorsten Holz

TR-HGI-2014-003, Ruhr-Uni­ver­si­tät Bo­chum, Horst Görtz In­sti­tut für IT-Si­cher­heit (HGI), September 2014 [PDF]

Static Detection of Second-Order Vulnerabilities in Web Applications

2014 - Johannes Dahse, Thorsten Holz

23rd USENIX Security Symposium, San Diego, CA, USA, August 2014 - ** Internet Defense Prize by Facebook ** [PDF]

Dynamic Hooks: Hiding Control Flow Changes within Non-Control Data

2014 - Sebastian Vogl, Robert Gawlik, Behrad Garmany, Thomas Kittel, Jonas Pfoh, Claudia Eckert, Thorsten Holz

23rd USENIX Security Symposium, San Diego, CA, USA, August 2014 [PDF]

Exit from Hell? Reducing the Impact of Amplification DDoS Attacks

2014 - Marc Kührer, Thomas Hupperich, Christian Rossow, Thorsten Holz

23rd USENIX Security Symposium, San Diego, CA, USA, August 2014 [PDF]

Hell of a Handshake: Abusing TCP for Reflective Amplification DDoS Attacks

2014 - Marc Kührer, Thomas Hupperich, Christian Rossow, Thorsten Holz

8th USENIX Workshop on Offensive Technologies (WOOT), San Diego, CA, USA, August 2014 [PDF]

Malicious Code and Access Control in Software-Defined-Networks

2014 - Christian Röpke

9. GI FG SIDAR Graduierten-Workshop über Reaktive Sicherheit (SPRING), 2014 [PDF]

Virtual Machine-based Fingerprinting Schemes

2014 - Moritz Contag

9. GI FG SIDAR Gra­du­ier­ten-Work­shop über Re­ak­ti­ve Si­cher­heit (SPRING), 2014

Automated Generation of Models for Fast and Precise Detection of HTTP-Based Malware

2014 - Apostolis Zarras, Antonis Papadogiannakis, Robert Gawlik, Thorsten Holz

12th Annual Conference on Privacy, Security and Trust (PST), Toronto, Canada, July 2014 [PDF]

Technical Report: Paint it Black: Evaluating the Effectiveness of Malware Blacklists

2014 - Marc Kührer, Christian Rossow, Thorsten Holz

TR-HGI-2014-002, Ruhr-Uni­ver­si­tät Bo­chum, Horst Görtz In­sti­tut für IT-Si­cher­heit (HGI), June 2014 [PDF]

Technical Report: Evaluating the Effectiveness of Current Anti-ROP Defenses

2014 - Felix Schuster, Thomas Tendyck, Jannik Pewny, Andreas Maaß, Martin Steegmanns, Moritz Contag, Thorsten Holz

TR-HGI-2014-001, Ruhr-Uni­ver­si­tät Bo­chum, Horst Görtz In­sti­tut für IT-Si­cher­heit (HGI), May 2014 [PDF]

Scriptless attacks: Stealing more pie without touching the sill

2014 - Mario Heiderich, Marcus Niemietz, Felix Schuster, Thorsten Holz, Jörg Schwenk

Journal of Computer Security, Volume 22, Number 4 / 2014, Web Application Security – Web @ 25 [URL]

Communication Reduced Interaction Protocol between Customer, Charging Station, and Charging Station Management System

2014 - Karl-Heinz Krempels, Christoph Terwelp, Stefan Wüller, Tilman Frosch, Sevket Gökay

3rd International Conference on Smart Grids and Green IT Systems (SMARTGREENS 2014), Barcelona, Spain, April 2014

Continuous Authentication on Mobile Devices by Analysis of Typing Motion Behavior

2014 - Hugo Gascon, Sebastian Uellenbeck, Christopher Wolf, Konrad Rieck

GI Si­cher­heit - Schutz und Zu­ver­läs­sig­keit, Jah­res­ta­gung des Fach­be­reichs Si­cher­heit der Ge­sell­schaft für In­for­ma­tik, Vienna, Austria, March 2014 [PDF]

GraphNeighbors: Hampering Shoulder-Surfing Attacks on Smartphones

2014 - Irfan Altiok, Sebastian Uellenbeck, Thorsten Holz

GI Si­cher­heit - Schutz und Zu­ver­läs­sig­keit, Jah­res­ta­gung des Fach­be­reichs Si­cher­heit der Ge­sell­schaft für In­for­ma­tik, Vienna, Austria, March 2014 [PDF]

Simulation of Built-in PHP features for Precise Static Code Analysis

2014 - Johannes Dahse, Thorsten Holz

Annual Network & Distributed System Security Symposium (NDSS), San Diego, February 2014 [PDF]

A Trusted Versioning File System for Passive Mobile Storage Devices

2014 - Luigi Catuogno, Hans Löhr, Marcel Winandy, Ahmad-Reza Sadeghi

Journal of Network and Computer Applications, Vol. 38, February 2014, pp. 65-75. http://dx.doi.org/10.1016/j.jnca.2013.05.006 [doi]

Control-Flow Restrictor: Compiler-based CFI for iOS

2013 - Jannik Pewny, Thorsten Holz

Annual Computer Security Applications Conference (ACSAC), New Orleans, USA, December 2013 [PDF]

k-subscription: Privacy-Preserving Microblogging Browsing through Obfuscation

2013 - Panagiotis Papadopoulos, Antonis Papadogiannakis, Michalis Polychronakis, Apostolis Zarras, Thorsten Holz, Evangelos P. Markatos

29th Annual Computer Security Applications Conference (ACSAC), New Orleans, USA, December 2013 [PDF]

PRIME: Private RSA Infrastructure for Memory-less Encryption

2013 - Behrad Garmany, Tilo Müller

Annual Computer Security Applications Conference (ACSAC), New Orleans, USA, December 2013 - **Best Paper Award** [PDF]

Towards Reducing the Attack Surface of Software Backdoors

2013 - Felix Schuster, Thorsten Holz

20th ACM Conference on Computer and Communications Security (CCS), Berlin, November 2013 [PDF]

Quantifying the Security of Graphical Passwords: The Case of Android Unlock Patterns

2013 - Sebastian Uellenbeck, Markus Dürmuth, Christopher Wolf, Thorsten Holz

ACM Conference on Computer and Communications Security (CCS), Berlin, November 2013 [PDF]

mXSS Attacks: Attacking well-secured Web-Applications by using innerHTML Mutations

2013 - Mario Heiderich, Jörg Schwenk, Tilman Frosch, Jonas Magazinius, Edward Z. Yang

20th ACM Conference on Computer and Communications Security (CCS), Berlin, Germany, November 2013 [PDF]

An Experimental Security Analysis of Two Satphone Standards

2013 - Benedikt Driessen, Ralf Hund, Carsten Willems, Chris­tof Paar, Thorsten Holz

ACM Transactions on Information and System Security (TISSEC), Vol. 16, No. 3, Article 10, Publication date: November 2013 [PDF]

Mobile Malware Detection Based on Energy Fingerprints - A Dead End?

2013 - Johannes Hoffmann, Stephan Neumann, Thorsten Holz

Research in Attacks, Intrusions and Defenses (RAID) Symposium, St. Lucia, October 2013 [PDF]

On the Usa­bi­li­ty of Se­cu­re GUIs

2013 - Atanas Filyanov, Aysegül Nas, Me­la­nie Volka­mer, Marcel Winandy

Technical Report TR-HGI-2013-002 [Paper]

POSTER: On the Usability of Secure GUIs

2013 - Atanas Filyanov, Aysegül Nas, Melanie Volkamer, Marcel Winandy

9th Symposium on Usable Privacy and Security (SOUPS 2013), Newcastle, UK, July 24-26, 2013. [Extended Abstract] [Poster]

Preventing Backdoors In Server Applications With A Separated Software Architecture (Short Paper)

2013 - Felix Schuster, Stefan Rüster, Thorsten Holz

10th Con­fe­rence on De­tec­tion of In­tru­si­ons and Mal­wa­re & Vul­nerabi­li­ty As­sess­ment (DIMVA), Berlin, July 2013 [PDF]

Instrumenting Existing System Components for Dynamic Analysis of Malicious Software

2013 - Carsten Willems

Ruhr-University Bochum, pages 1-225, URN urn:nbn:de:hbz:294-38044, June 2013 [Information] [PDF]

Im­pro­ving Lo­ca­ti­on Pri­va­cy for the Elec­tric Ve­hi­cle Mas­ses

2013 - Tilman Frosch, Sven Schäge, Martin Goll, Thorsten Holz

TR-HGI-2013-001, Ruhr-Uni­ver­si­tät Bo­chum, Horst Görtz In­sti­tut für IT-Si­cher­heit (HGI), June 2013 [pdf]

Standardorientierte Speicherung von verschlüsselten Dokumenten in einem XDS-Repository

2013 - Lennart Köster, Fatih Korkmaz, Marcel Winandy

Proceedings of the eHealth2013, May 23-24, Vienna, Austria, OCG, 2013.

Practical Timing Side Channel Attacks Against Kernel Space ASLR

2013 - Ralf Hund, Carsten Willems, Thorsten Holz

IEEE Symposium on Security and Privacy ("Oakland"), San Francisco, CA, May 2013 [pdf]

MobileSandbox: Ein Analyseframework für Android Applikationen

2013 - Michael Spreitzenbarth, Johannes Hoffmann, Hanno Lemoine, Thomas Schreck, Florian Echtler

Proceedings of the 13th Deutscher IT-Sicherheitskongress, Bonn, Germany, 2013 [PDF]

PSiOS: Bring Your Own Privacy & Security to iOS Devices

2013 - Tim Werthmann, Ralf Hund, Lucas Davi, Ahmad-Reza Sadeghi, Thorsten Holz

ACM Symposium on Information, Computer and Communications Security (ASIACCS), Hangzhou, China, May 2013 - **Distinguished Paper Award** [pdf]

A Security Layer for Smartphone-to-Vehicle Communication over Bluetooth

2013 - Andrea Dardanelli, Federico Maggi, Mara Tanelli, Stefano Zanero, Sergio M. Savaresi, Roman Kochanek, Thorsten Holz

IEEE Embedded Systems Letters, Volume: 5, Issue: 3 [PDF]

Mobile-Sandbox: Looking Deeper into Android Applications

2013 - Michael Spreitzenbarth, Florian Echtler, Thomas Schreck, Felix C. Freiling, Johannes Hoffmann

28th In­ter­na­tio­nal ACM Sym­po­si­um on Ap­p­lied Com­pu­ting (SAC), Coimbra, Portugal, March 2013 [pdf]

Slicing Droids: Program Slicing for Smali Code

2013 - Johannes Hoffmann, Martin Ussath, Michael Spreitzenbarth, Thorsten Holz

28th In­ter­na­tio­nal ACM Sym­po­si­um on Ap­p­lied Com­pu­ting (SAC), Co­im­bra, Por­tu­gal, March 2013 [pdf]

Predentifier: Detecting Botnet C&C Domains From Passive DNS Data

2013 - Tilman Frosch, Marc Kührer, Thorsten Holz

Advances in IT Early Warning, Fraunhofer Verlag, February 2013. ISBN: 978-3-8396-0474-8 [Book Website] [PDF]

Down to the Bare Metal: Using Processor Features for Binary Analysis

2012 - Carsten Willems, Ralf Hund, Amit Vasudevan, Andreas Fobian, Dennis Felsch, Thorsten Holz

Annual Computer Security Applications Conference (ACSAC), Orlando, FL, December 2012 [pdf]

Using Memory Management to Detect and Extract Illegitimate Code for Malware Analysis

2012 - Carsten Willems, Felix C. Freiling, Thorsten Holz

Annual Computer Security Applications Conference (ACSAC), Orlando, FL, December 2012 [pdf]

CXPInspector: Hypervisor-Based, Hardware-Assisted System Monitoring

2012 - Carsten Willems, Ralf Hund, Thorsten Holz

TR-HGI-2012-002, Ruhr-Uni­ver­si­tät Bo­chum, Horst Görtz In­sti­tut für IT-Si­cher­heit (HGI), November 2012 [pdf]

PermissionWatcher: Creating User Awareness of Application Permissions in Mobile Systems

2012 - Eric Struse, Julian Seifert, Sebastian Uellenbeck, Enrico Rukzio, Christopher Wolf

International Joint Conference on Ambient Intelligence (AmI), Pisa, Italy, November 2012 [pdf]

Down to the Bare Metal: Using Processor Features for Binary Analysis

2012 - Carsten Willems, Ralf Hund, Dennis Felsch, Andreas Fobian, Thorsten Holz

TR-HGI-2012-001, Ruhr-Universität Bochum, Horst Görtz Institut für IT-Sicherheit (HGI), November 2012 [pdf]

Applying a Security Kernel Framework to Smart Meter Gateways

2012 - Michael Gröne, Marcel Winandy

ISSE 2012 Securing Electronic Business Processes, Highlights of the Information Security Solutions Europe 2012 Conference, pp. 252-259, Springer Vieweg, 2012.

Scriptless Attacks – Stealing the Pie Without Touching the Sill

2012 - Mario Heiderich, Marcus Niemietz, Felix Schuster, Thorsten Holz, Jörg Schwenk

19th ACM Conference on Computer and Communications Security (CCS), Raleigh, NC, October 2012 [PDF]

Requirements for Integrating End-to-End Security into Large-Scale EHR Systems

2012 - Agnes Gawlik, Lennart Köster, Hiva Mahmoodi, Marcel Winandy

Amsterdam Privacy Conference (APC 2012), Workshop on Engineering EHR Solutions (WEES), 2012, Available at SSRN: http://ssrn.com/abstract=2457987 [online] [PDF]

B@bel: Leveraging Email Delivery for Spam Mitigation

2012 - Gianluca Stringhini, Manuel Egele, Apostolis Zarras, Thorsten Holz, Christopher Kruegel, Giovanni Vigna

21st USENIX Security Symposium, Bellevue, WA, USA, August 2012 [PDF]

On the Fragility and Limitations of Current Browser-provided Clickjacking Protection Schemes

2012 - Sebastian Lekies, Mario Heiderich, Dennis Appelt, Thorsten Holz, Martin Johns

6th USENIX Workshop on Offensive Technologies (WOOT), Bellevue, WA, August 2012 [PDF]

SmartProxy: Secure Smartphone-Assisted Login on Compromised Machines

2012 - Johannes Hoffmann, Sebastian Uellenbeck, Thorsten Holz

9th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Heraklion, Greece, July 2012 [PDF]

Informationssicherheit in der Arztpraxis: Aktuelle Herausforderungen und Lösungsansätze

2012 - Marcel Winandy

Datenschutz und Datensicherheit (DuD) 06/2012, S. 419 - 424 [SpringerLink]

Don’t Trust Satellite Phones: A Security Analysis of Two Satphone Standards

2012 - Benedikt Driessen, Ralf Hund, Carsten Willems, Chris­tof Paar, Thorsten Holz

IEEE Symposium on Security and Privacy ("Oakland"), San Francisco, CA, May 2012 - **Best Paper Award** [More Info] [PDF]

Tracking DDoS Attacks: Insights into the Business of Disrupting the Web

2012 - Armin Büscher, Thorsten Holz

5th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET), San Jose, CA, April 2012 [PDF]

An Empirical Analysis of Malware Blacklists

2012 - Marc Kührer, Thorsten Holz

PIK - Praxis der Informationsverarbeitung und Kommunikation. Volume 35, Issue 1, Pages 11–16, April 2012 [pdf]

Reverse Code Engineering - State of the Art and Countermeasures

2012 - Carsten Willems

it - Information Technology, Volume 54, Number 2, pages 53-63, March 2012 [Journal] [PDF]

Analyse und Vergleich von BckR2D2-I und II

2012 - Andreas Dewald, Felix Freiling, Thomas Schreck, Michael Spreitzenbarth, Johannes Stüttgen, Stefan Vömel, Carsten Willems

GI Si­cher­heit - Schutz und Zu­ver­läs­sig­keit, Jah­res­ta­gung des Fach­be­reichs Si­cher­heit der Ge­sell­schaft für In­for­ma­tik, Darmstadt, Ger­ma­ny, März 2012 [Technical Report]

Using Memory Management to Detect and Extract Illegitimate Code for Malware Analysis

2012 - Carsten Willems, Felix, Freiling

Technical Reports CS-2012,1 University of Erlangen, Department Informatik, February 2012 [OPUS Link]

MoCFI: A Framework to Mitigate Control-Flow Attacks on Smartphones

2012 - Lucas Davi, Alexandra Dmitrienko, Manuel Egele, Thomas Fischer, Thorsten Holz, Ralf Hund, Stefan Nürnberger, Ahmad-Reza Sadeghi

Annual Network & Distributed System Security Symposium (NDSS), San Diego, February 2012 [PDF]

Flexible Patient-Controlled Security for Electronic Health Records

2012 - Thomas Hupperich, Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy

ACM SIGHIT International Symposium on Health Informatics (IHI), Miami, January 2012 [PDF]

Security and Trust Architectures for Protecting Sensitive Data on Commodity Computing Platforms

2012 - Marcel Winandy

PhD Thesis, Ruhr-University Bochum, Shaker-Verlag, 2012. [book]

Understanding Fraudulent Activities in Online Ad Exchanges

2011 - Brett Stone-Gross, Ryan Stevens, Apostolis Zarras, Richard Kemmerer, Christopher Kruegel, Giovanni Vigna

11th ACM SIGCOMM Internet Measurement Conference (IMC), Berlin, Germany, November 2011 [PDF]

Crouching Tiger - Hidden Payload: Security Risks of Scalable Vectors Graphics

2011 - Mario Heiderich, Tilman Frosch, Meiko Jensen, Thorsten Holz

18th ACM Conference on Computer and Communications Security (CCS), Chicago, IL, October 2011 [PDF]

POSTER: Control-Flow Integrity for Smartphones.

2011 - Lucas Davi, Alexandra Dmitrienko, Manuel Egele, Thorsten Holz, Ralf Hund, Stefan Nürnberger, Ahmad-Reza Sadeghi, Thomas Fischer

18th ACM Conference on Computer and Communications Security (CCS'11) [Poster]

Trusted Virtual Domains on OKL4: Secure Information Sharing on Smartphones

2011 - Lucas Davi, Alexandra Dmitrienko, Christoph Kowalski, Marcel Winandy

STC '11: Proceedings of the 6th ACM Workshop on Scalable Trusted Computing, pp. 49-58, ACM, 2011.

TrumanBox: Improving Dynamic Malware Analysis by Emulating the Internet

2011 - Christian Gorecki, Felix C. Freiling, Marc Kührer, Thorsten Holz

13th International Symposium on Stabilization, Safety, and Security of Distributed Systems (SSS), Grenoble, France, October 2011 [PDF]

The Bug that made me President: A Browser- and Web-Security Case Study on Helios Voting

2011 - Mario Heiderich, Tilman Frosch, Marcus Niemietz, Jörg Schwenk

International Conference on E-voting and Identity (VoteID), 2011, Tallinn, Estonia, September 2011 [Website]

Automated Identification of Cryptographic Primitives in Binary Programs

2011 - Felix Gröbert, Carsten Willems, Thorsten Holz

14th International Symposium on Recent Advances in Intrusion Detection (RAID), Menlo Park, CA, September 2011 [PDF]

IceShield: Detection and Mitigation of Malicious Websites with a Frozen DOM

2011 - Mario Heiderich, Tilman Frosch, Thorsten Holz

14th International Symposium on Recent Advances in Intrusion Detection (RAID), Menlo Park, CA, September 2011 [PDF]

BotMagnifier: Locating Spambots on the Internet

2011 - Gianluca Stringhini, Thorsten Holz, Brett Stone-Gross, Christopher Kruegel, Giovanni Vigna

USENIX Security Symposium, San Francisco, CA, August 2011 [PDF]

Jackstraws: Picking Command and Control Connections from Bot Traffic

2011 - Gregoire Jacob, Ralf Hund, Christopher Kruegel, Thorsten Holz

USENIX Security Symposium, San Francisco, CA, August 2011 [PDF]

Proceedings of 8th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA)

2011 - Thorsten Holz, Herbert Bos

8th Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA), Amsterdam, Netherlands, July 2011 [SpringerLink]

Uni-directional Trusted Path: Transaction Confirmation on Just One Device

2011 - Atanas Filyanov, Jonathan M. McCune, Ahmad-Reza Sadeghi, Marcel Winandy

IEEE/IFIP 41st International Conference on Dependable Systems & Networks (DSN 2011), pp. 1-12. IEEE Computer Society, 2011. [pdf]

Automatic Analysis of Malware Behavior using Machine Learning

2011 - Konrad Rieck, Philipp Trinius, Carsten Willems, Thorsten Holz

Journal of Computer Security, Vol. 19, No. 4, pages 639-668, 2011 [JCS] [PDF]

Using Memory Management to Detect and Extract Illegitimate Code for Malware Analysis

2011 - Carsten Willems, Felix Freiling

Technical Report TR-2011-002, University of Mannheim, Department of Computer Science, May 2011 [MADOC Link]

Mobile Security Catching Up? Revealing the Nuts and Bolts of the Security of Mobile Devices

2011 - Michael Becher , Felix C. Freiling, Johannes Hoffmann, Thorsten Holz, Sebastian Uellenbeck, Christopher Wolf

IEEE Symposium on Security and Privacy ("Oakland"), Berkeley, CA, May 2011 [PDF]

Internals of Windows Memory Management (not only) for Malware Analysis

2011 - Carsten Willems

Technical Report TR-2011-001, University of Mannheim, Department of Computer Science, April 2011 [MADOC Link]

Securing the Access to Electronic Health Records on Mobile Phones

2011 - Alexandra Dmitrienko, Zecir Hadzic, Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy

Biomedical Engineering Systems and Technologies 2011 - Revised Selected Papers, Springer-Verlag, 2011. [PDF]

MediTrust: Secure Client Systems for Healthcare IT to Protect Sensitive Data of Patients

2011 - Ammar Alkassar, Biljana Cubaleska, Hans Löhr, Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy

Med-e-Tel - Global Telemedicine and eHealth Updates: Knowledge Resources, Vol 4., pp. 385-389, ISfTeH, Luxembourg, 2011. [PDF]

Das Internet-Malware-Analyse-System (InMAS)

2011 - Markus Engelberth, Felix C. Freiling, Jan Goebel, Christian Gorecki, Thorsten Holz, Ralf Hund, Philipp Trinius, Carsten Willems

Datenschutz und Datensicherheit (DuD), Volume 35, Number 4, pp. 247-252 [SpringerLink]

The Underground Economy of Spam: A Botmaster's Perspective of Coordinating Large-Scale Spam Campaigns

2011 - Brett Stone-Gross, Thorsten Holz, Gianluca Stringhini, Giovanni Vigna

USE­NIX Work­shop on Lar­ge-Sca­le Ex­ploits and Emer­gent Thre­ats (LEET), Boston, MA, March 2011 [PDF]

ROPdefender: A Detection Tool to Defend Against Return-Oriented Programming Attacks

2011 - Lucas Davi, Ahmad-Reza Sadeghi, Marcel Winandy

6th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2011), ACM, 2011.

A Security Architecture for Accessing Health Records on Mobile Phones.

2011 - Alexandra Dmitrienko, Zecir Hadzic, Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy

Proceedings of the 4th International Conference on Health Informatics (HEALTHINF 2011), pp. 87-96, SciTePress, 2011. [PDF] [Bibtex]

A Note on the Security in the Card Management System of the German E-Health Card

2010 - Marcel Winandy

Electronic Healthcare, Third International Conference, eHealth 2010, LNICST 69, pp. 196-203, Springer, 2012. [PDF] [Bibtex]

TruWalletM: Secure Web Authentication on Mobile Platforms

2010 - Sven Bugiel, Alexandra Dmitrienko, Kari Kostiainen, Ahmad-Reza Sadeghi, Marcel Winandy

Trusted Systems, Second International Conference, INTRUST 2010, LNCS 6802/2011, Springer, 2011. [Bibtex] [PDF]

Securing the E-Health Cloud

2010 - Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy

Proceedings of the 1st ACM International Health Informatics Symposium (IHI 2010), ACM, 2010. [pdf] [Bibtex]

Privilege Escalation Attacks on Android.

2010 - Lucas Davi, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, Marcel Winandy

Information Security, 13th International Conference, ISC 2010, LNCS 6531/2011, pp. 346-360, Springer 2011. [Bibtex] [PDF]

A Malware Instruction Set for Behavior-Based Analysis

2010 - Philipp Trinius, Carsten Willems, Thorsten Holz, Konrad Rieck

GI Si­cher­heit - Schutz und Zu­ver­läs­sig­keit, Jah­res­ta­gung des Fach­be­reichs Si­cher­heit der Ge­sell­schaft für In­for­ma­tik, Ber­lin, Ger­ma­ny, Oc­to­ber 2010 [PDF]

Towards secure deletion on smartphones

2010 - Michael Spreitzenbarth, Thorsten Holz

GI Si­cher­heit - Schutz und Zu­ver­läs­sig­keit, Jah­res­ta­gung des Fach­be­reichs Si­cher­heit der Ge­sell­schaft für In­for­ma­tik, Berlin, Germany, October 2010 [PDF]

Return-Oriented Programming without Returns

2010 - Stephen Checkoway, Lucas Davi, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, Hovav Shacham, Marcel Winandy

17th ACM Conference on Computer and Communications Security (CCS 2010) [PDF]

Abusing Social Networks for Automated User Profiling

2010 - Marco Balduzzi, Christian Platzer, Thorsten Holz, Engin Kirda, Davide Balzarotti, Christopher Kruegel

13th International Symposium on Recent Advances in Intrusion Detection (RAID), Ottawa, Canada, September 2010 [PDF]

Trusted Virtual Domains on OpenSolaris: Usable Secure Desktop Environments

2010 - Hans Löhr, Thomas Pöppelmann, Johannes Rave, Martin Steegmanns, Marcel Winandy

Proceedings of 5th Annual Workshop on Scalable Trusted Computing (STC 2010), ACM 2010. [PDF]

Return-Oriented Programming without Returns on ARM

2010 - Lucas Davi, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, Marcel Winandy

Tech­ni­cal Re­port HGI-TR-2010-002 [PDF]

Token-Based Cloud Computing -- Secure Outsourcing of Data and Arbitrary Computations with Lower Latency

2010 - Ahmad-Reza Sadeghi, Thomas Schneider, Marcel Winandy

3rd International Conference on Trust and Trustworthy Computing (TRUST'10) - Workshop on Trust in the Cloud, June 22, Berlin, Germany. [Trust2010.org] [PDF]

Is the Internet for Porn? An Insight Into the Online Adult Industry

2010 - Gilbert Wondracek, Thorsten Holz, Christian Platzer, Engin Kirda, Christopher Kruegel

Workshop on the Economics of Information Security (WEIS), Harvard University, USA, June 2010 [PDF]

Trusted Virtual Domains: Color Your Network

2010 - Luigi Catuogno, Hans Löhr, Mark Manulis, Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy

Datenschutz und Datensicherheit (DuD) 5/2010, p. 289-298. [SpringerLink] [PDF]

A Practical Attack to De-Anonymize Social Network Users

2010 - Gilbert Wondracek, Thorsten Holz, Engin Kirda, Christopher Kruegel

IEEE Symposium on Security and Privacy ("Oakland"), Berkeley, CA, May 2010 [PDF]

Inspector Gadget: Automated Extraction of Proprietary Gadgets from Malware Binaries

2010 - Clemens Kolbitsch, Thorsten Holz, Christopher Kruegel, Engin Kirda

IEEE Symposium on Security and Privacy ("Oakland"), Berkeley, CA, May 2010 [PDF]

Verfolgen und Abschwächen von Malicious Remote Control Networks

2010 - Thorsten Holz

Ausgezeichnete Informatikdissertationen 2009. LNI D-10, pages 101-110, May 2010 [Dagstuhl Seminar]

ADSandbox: Sandboxing JavaScript to Fight Malicious Websites

2010 - Andreas Dewald, Thorsten Holz, Felix C. Freiling

ACM Symposium on Applied Computing (SAC), Sierre, Switzerland, March 2010 [PDF]

Botzilla: Detecting the "Phoning Home" of Malicious Software

2010 - Konrad Rieck, Guido Schwenk, Tobias Limmer, Thorsten Holz, Pavel Laskov

ACM Symposium on Applied Computing (SAC), Sierre, Switzerland, March 2010 [PDF]

Cooperation enablement for centralistic early warning systems

2010 - Ulrich Flegel, Johannes Hoffmann, Michael Meier

ACM Symposium on Applied Computing (SAC), Sierre, Switzerland, March 2010 [PDF]

ROPdefender: A Detection Tool to Defend Against Return-Oriented Programming Attacks

2010 - Lucas Davi, Ahmad-Reza Sadeghi, Marcel Winandy

Technical Report HGI-TR-2010-001 [PDF]

Pat­terns for Se­cu­re Boot and Se­cu­re Sto­r­a­ge in Com­pu­ter Sys­tems

2010 - Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy

4th In­ter­na­tio­nal Work­shop on Se­cu­re sys­tems me­tho­do­lo­gies using pat­terns (SPat­tern 2010), In Proceedings of ARES 2010: International Conference on Availability, Reliability and Security, pp.569-573, IEEE Computer Society, 2010 [pdf]

The InMAS Approach

2010 - Markus Engelberth, Felix Freiling, Jan Goebel, Christian Gorecki, Thorsten Holz, Ralf Hund, Philipp Trinius, Carsten Willems

1st European Workshop on Internet Early Warning and Network Intelligence (EWNI'10) [PDF]

A Malware Instruction Set for Behavior-Based Analysis

2009 - Philipp Trinius, Carsten Willems, Thorsten Holz, Konrad Rieck

Technical Report TR-2009-007, University of Mannheim, December 2009 [MADOC Link] [PDF]

Automatic Analysis of Malware Behavior using Machine Learning

2009 - Philipp Trinius, Carsten Willems, Thorsten Holz, Konrad Rieck

Berlin Institute of Technology, Technical Report 18-2009 [PDF]

Trusted virtual domains - design, implementation and lessons learned.

2009 - Ahmad-Reza Sadeghi, Gianluca Ramunno, Dirk Kuhlmann, Konrad Eriksson, Luigi Catuogno, Alexandra Dmitrienko, Jing Zhan, Steffen Schulz, Marcel Winandy, Matthias Schunter

International Conference on Trusted Systems (INTRUST) 2009. [pdf] [bibtex]

Dynamic Integrity Measurement and Attestation: Towards Defense Against Return-Oriented Programming Attacks.

2009 - Lucas Davi, Ahmad-Reza Sadeghi, Marcel Winandy

STC'09: Proceedings of the 4th ACM Workshop on Scalable Trusted Computing, p. 49-54, ACM, 2009. [pdf]

TruWallet: Trustworthy and Migratable Wallet-Based Web Authentication.

2009 - Sebastian Gajek, Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy

STC'09: Proceedings of the 4th ACM Workshop on Scalable Trusted Computing, p. 19-28, ACM, 2009. [pdf]

Software distribution as a malware infection vector

2009 - Felix Gröbert, Ahmad-Reza Sadeghi, Marcel Winandy

International Conference for Internet Technology and Secured Transactions (ICITST 2009) [Bibtex]

Walowdac - Analysis of a Peer-to-Peer Botnet

2009 - Ben Stock, Jan Göbel, Markus Engelberth, Felix Freiling, Thorsten Holz

European Conference on Computer Network Defense (EC2ND), Milan, Italy, November 2009 [pdf]

Transparent Mobile Storage Protection in Trusted Virtual Domains

2009 - Luigi Catuogno, Hans Löhr, Mark Manulis, Ahmad-Reza Sadeghi, Marcel Winandy

23rd Large Installation System Administration Conference (LISA '09), p. 159--172, USENIX Association, 2009. [pdf]

Visual Analysis of Malware Behavior (Short paper)

2009 - Philipp Trinius, Thorsten Holz, Jan Göbel, Felix Freiling

Workshop on Visualization for Cyber Security (VizSec), Atlantic City, NJ, USA, October 2009 [pdf]

Automatically Generating Models for Botnet Detection

2009 - Peter Wurzinger, Leyla Bilge, Thorsten Holz, Jan Göbel, Christopher Kruegel, Engin Kirda

Eu­ropean Sym­po­si­um on Re­se­arch in Com­pu­ter Se­cu­ri­ty (ESO­RICS), Saint Malo, France, September 2009 [pdf]

Learning More About the Underground Economy: A Case-Study of Keyloggers and Dropzones

2009 - Thorsten Holz, Markus Engelberth, Felix Freiling

Eu­ropean Sym­po­si­um on Re­se­arch in Com­pu­ter Se­cu­ri­ty (ESO­RICS), Saint Malo, France, September 2009 [pdf]

A Pattern for Secure Graphical User Interface Systems.

2009 - Thomas Fischer, Ahmad-Reza Sadeghi, Marcel Winandy

3rd International Workshop on Secure systems methodologies using patterns (SPattern 2009), in DEXA '09: Proceedings of the 20th International Workshop on Database and Expert Systems Application, p.186-190, IEEE Computer Society, 2009. [pdf] [bibtex]

Return-Oriented Rootkits: Bypassing Kernel Code Integrity Protection Mechanisms

2009 - Ralf Hund, Thorsten Holz, Felix Freiling

USENIX Security Symposium, Montreal, Canada, August 2009 [PDF]

Towards Proactive Spam Filtering (Extended Abstract)

2009 - Jan Göbel, Thorsten Holz, Philipp Trinius

Con­fe­rence on De­tec­tion of In­tru­si­ons and Mal­wa­re & Vul­nerabi­li­ty As­sess­ment (DIMVA), Milan, Italy, July 2009 [pdf]

Einsatz von Sicherheitskernen und Trusted Computing.

2009 - Ahmad-Reza Sadeghi, Marcel Winandy,

D-A-CH Security 2009, Bochum, Germany. [pdf]

Frühe Warnung durch Beobachten und Verfolgen von bösartiger Software im Deutschen Internet: Das Internet-Malware-Analyse System (InMAS)

2009 - Markus Engelberth, Felix Freiling, Jan Goebel, Christian Gorecki, Thorsten Holz, Philipp Trinius, Carsten Willems

11. Deutscher IT-Sicherheitskongress des Bundesamtes für Sicherheit in der Informationstechnik (BSI), Bonn, May 2009 [PDF]

Tracking and Mitigation of Malicious Remote Control Networks

2009 - Thorsten Holz

Universität Mannheim, pages 1-138, URN urn:nbn:de:bsz:180-madoc-23306, April 2009 [MADOC Link] [Persistent ID]

Modeling Trusted Computing Support in a Protection Profile for High Assurance Security Kernels.

2009 - Hans Löhr, Ahmad-Reza Sadeghi, Christian Stüble, Marion Weber, Marcel Winandy

TRUST 2009: Proceedings of the 2nd International Conference on Trusted Computing, LNCS 5471, p. 45-62 Springer, 2009. [pdf]

Trusted Privacy Domains - Challenges for Trusted Computing in Privacy-Protecting Information Sharing.

2009 - Hans Löhr, Ahmad-Reza Sadeghi, Claire Vishik, Marcel Winandy

Proceedings of 5th Information Security Practice and Experience Conference (ISPEC'09), LNCS 5451, p. 396-407, Springer, 2009. [pdf]

MalOffice - Detecting malicious documents with combined static and dynamic analysis

2009 - Markus Engelberth, Carsten Willems, Thorsten Holz

Virus Bulletin Conference, Geneva, Switzerland, September 2009 [Presentation]

Sichere Webanwendungen

2008 - Mario Heiderich, Christian Matthies, Johannes Dahse, fukami

GALILEO PRESS, Auflage 1, ISBN-10: 3836211947, ISBN-13: 978-3836211949

Towards Next-Generation Botnets

2008 - Ralf Hund, Matthias Hamann, Thorsten Holz

European Conference on Computer Network Defense (EC2ND), Dublin, Ireland, December 2008 [PDF]

Flexible and Secure Enterprise Rights Management Based on Trusted Virtual Domains

2008 - Ahmad-Reza Sadeghi, Marcel Winandy, Christian Stüble, Rani Husseiki, Yacine Gasmi, Patrick Stewin, Martin Unger

STC '08: Proceedings of the 3rd ACM Workshop on Scalable Trusted Computing, p. 71-80, ACM, 2008. [pdf]

Analyzing Mobile Malware

2008 - Michael Becher, Ralf Hund

Chapter 8 in "Mobile Malware Attacks and Defense", Syngress Media, October 2008

As the Net Churns: Fast-Flux Botnet Observations

2008 - Jose Nazario, Thorsten Holz

International Conference on Malicious and Unwanted Software, October 2008 [pdf]

Reconstructing Peoples Lives: A Case Study in Teaching Forensic Computing

2008 - Felix Freiling, Thorsten Holz, Martin Mink

In­ter­na­tio­nal Con­fe­rence on IT Se­cu­ri­ty In­ci­dent Ma­nage­ment & IT Fo­ren­sics (IMF), Mannheim, Ger­ma­ny, September 2008 [pdf]

Property-Based TPM Virtualization

2008 - Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy

Information Security, 11th International Conference, ISC 2008, LNCS 5222, p. 1-16, Springer, 2008. [pdf] [bibtex]

Sicherheitsprobleme elektronischer Wahlauszählungssysteme in der Praxis

2008 - Yacine Gasmi, Christian Hessmann, Martin Pittenauer, Marcel Winandy

INFORMATIK 2008, Beherrschbare Systeme - dank Informatik, Band 1, Beiträge der 38. Jahrestagung der Gesellschaft für Informatik e.V. (GI), LNI 133, GI, 2008.

Learning and Classification of Malware Behavior

2008 - Konrad Rieck, Thorsten Holz, Carsten Willems, Patrick Düssel, Pavel Laskov

Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Paris, France, July 2008 [PDF]

Studying Malicious Websites and the Underground Economy on the Chinese Web

2008 - Jianwei Zhuge, Thorsten Holz, Chengyu Song, Jinpeng Guo, Xinhui Han, Wei Zou

Work­shop on the Eco­no­mics of In­for­ma­ti­on Se­cu­ri­ty (WEIS), Hanover, NH, USA, June 2008 [pdf]

Kernel-Level Interception and Applications on Mobile Devices

2008 - Michael Becher, Ralf Hund

Technical Report TR-2008-003, Universität Mannheim, May 2008 [PDF]

Measurements and Mitigation of Peer-to-Peer-based Botnets: A Case Study on Storm Worm

2008 - Thorsten Holz, Moritz Steiner, Frederic Dahl, Ernst Biersack, Felix C. Freiling

USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET), San Francisco, CA, April 2008 [pdf]

Monkey-Spider: Detecting Malicious Websites with Low-Interaction Honeyclients

2008 - Ali Ikinci, Thorsten Holz, Felix Freiling

GI Si­cher­heit - Schutz und Zu­ver­läs­sig­keit, Jah­res­ta­gung des Fach­be­reichs Si­cher­heit der Ge­sell­schaft für In­for­ma­tik, Saarbrücken, April 2008 - **Best Paper Award** [pdf]

Property-Based TPM Virtualization

2008 - Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy

Technical Report HGI-TR-2008-001, Horst Görtz Institute for IT-Security, Ruhr-University Bochum, 2008. [PDF]

Rishi: Identifizierung von Bots durch Auswerten der IRC Nicknamen

2008 - Jan Göbel, Thorsten Holz

DFN-CERT Work­shop "Si­cher­heit in ver­netz­ten Sys­te­men", Ham­burg, February 2008 [pdf]

Measuring and Detecting Fast-Flux Service Networks

2008 - Thorsten Holz, Christian Gorecki, Konrad Rieck, Felix Freiling

Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2008 [pdf]

Collecting Autonomous Spreading Malware Using High-Interaction Honeypots

2007 - Jianwei Zhuge, Thorsten Holz, Xinhui Han, Chengyu Song, Wei Zou

International Conference on Information and Communications Security (ICICS), LNCS 4861, Zhengzhou, China, December 2007 [pdf]

Virtual Honeypots - From Botnet Tracking to Intrusion Detection

2007 - Niels Provos, Thorsten Holz

Addison-Wesley Professional; 1. edition, 440 pages [Link]

Measurement and Analysis of Autonomous Spreading Malware in a University Environment

2007 - Thorsten Holz, Jan Goebel, Carsten Willems

Con­fe­rence on De­tec­tion of In­tru­si­ons and Mal­wa­re & Vul­nerabi­li­ty As­sess­ment (DIMVA), Lucerne, Switzerland, July 2007 [PDF]

Trusted User-Aware Web Authentication

2007 - Jörg Schwenk, Ahmad-Reza Sadeghi, Sebastian Gajek, Marcel Winandy,

Presented at the Workshop on Trustworthy User Interfaces for Passwords and Personal Information (TIPPI'07), Stanford, USA, June 22, 2007. [PDF]

Compartmented Security for Browsers – Or How to Thwart a Phisher with Trusted Computing

2007 - Sebastian Gajek, Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy

In Proceedings of the The Second International Conference on Availability, Reliability and Security (ARES 2007), Vienna, Austria, April 10-13, 2007, pages 120-127. IEEE Computer Society, 2007. [pdf]

Rishi: Identify Bot Contaminated Hosts by IRC Nickname Evaluation

2007 - Jan Göbel, Thorsten Holz

USENIX Workshop on Hot Topics in Understanding Botnets (HotBots), Cambridge, MA, April 2007 [pdf]

Toward Automated Dynamic Malware Analysis Using CWSandbox

2007 - Carsten Willems, Thorsten Holz, Felix C. Freiling

IEEE Security & Privacy, Volume 5, Number 2, Pages 32-39, March/April 2007 [PDF]

Compartmented Security for Browsers

2007 - Sebastian Gajek, Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy

Technical Report HGI-TR-2007-001, Horst Görtz Institute for IT Security, Ruhr-University Bochum, 2007. [pdf]

Advanced Honeypot-based Intrusion Detection

2006 - Jan Göbel, Jens Hektor, Thorsten Holz

USE­NIX ;login:, Vo­lu­me 31, Issue 6, Pages 18-23, De­cem­ber 2006 [Link] [pdf]

Towards Multicolored Computing - Compartmented Security to Prevent Phishing Attacks.

2006 - Sebastian Gajek, Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy

Workshop on Information and System Security (WISSEC'06), Antwerpen (Belgium), 2006 .

TCG Inside? - A Note on TPM Specification Compliance

2006 - Ahmad-Reza Sadeghi, Christian Wachsmann, Marcel Selhorst, Christian Stüble, Marcel Winandy

In Proceedings of the first ACM Workshop on Scalable Trusted Computing (ACMSTC), Alexandria, Virginia, USA, November 3, 2006, pages 47-56. ACM Press, 2006.

A Comparative Study of Teaching Forensics at a University Degree Level

2006 - Philip Anderson, Maximillian Dornseif, Felix Freiling, Thorsten Holz, Alastair Irons, Christopher Laing, Martin Mink

International Conference on IT Security Incident Management & IT Forensics (IMF), Stuttgart, Germany, October 2006 [pdf]

Security Architecture for Device Encryption and VPN

2006 - Ahmad-Reza Sadeghi, Marcel Winandy, Christian Stüble, Ammar Alkassar, Michael Scheibel

Accepted for ISSE (Information Security Solution Europe) 2006 [Springer Link]

The Nepenthes Platform: An Efficient Approach to Collect Malware

2006 - Paul Baecher, Markus Koetter, Thorsten Holz, Maximillian Dornseif, Felix Freiling

9th International Symposium on Recent Advances in Intrusion Detection (RAID), Hamburg, Germany, September 2006 [pdf]

The Effect of Stock Spam on Financial Markets

2006 - Rainer Böhme, Thorsten Holz

Workshop on the Economics of Information Security (WEIS), University of Cambridge, June 2006 [SSRN Link]

Design and Implementation of the Honey-DVD

2006 - Maximillian Dornseif, Felix Freiling, Nils Gedicke, Thorsten Holz

IEEE In­for­ma­ti­on As­suran­ce Work­shop (IAW), West Point, NY, June 2006 [pdf]

Design and Implementation of a Secure Linux Device Encryption Architecture

2006 - Ahmad-Reza Sadeghi, Marcel Winandy, Christian Stüble, Michael Scheibel

LinuxTag 2006. [pdf]

Safety, Liveness, and Information Flow: Dependability Revisited

2006 - Zinaida Benenson, Felix Freiling, Thorsten Holz, Dogan Kesdogan, Lucia Draque Penso

ARCS Workshop on Dependability and Fault-Tolerance, Frankfurt am Main, Germany, March 2006 [pdf]

Effektives Sammeln von Malware mit Honeypots

2006 - Thorsten Holz, Georg Wicherski

DFN-CERT Workshop "Sicherheit in vernetzten Systemen", Hamburg, March 2006 [pdf]

New Threats and Attacks on the World Wide Web

2006 - Thorsten Holz, Simon Marechal, Frédéric Raynal

IEEE Security & Privacy Volume 4, Issue 2, Pages 72-75, March 2006 [pdf]

Learning More About Attack Patterns With Honeypots

2006 - Thorsten Holz

GI Sicherheit - Schutz und Zuverlässigkeit, Jahrestagung des Fachbereichs Sicherheit der Gesellschaft für Informatik, Magdeburg, February 2006 [pdf]

Spying With Bots

2005 - Thorsten Holz

USENIX ;login:, Volume 30, Issue 6, Pages 18-23, December 2005 [Link] [pdf]

Security Measurements and Metrics for Networks

2005 - Thorsten Holz

Dependability Metrics (Lecture Notes in Computer Science 4909, Advanced Lectures), pages 157-165, 2005 [Link]

Multilateral Security Considerations for Adaptive Mobile Applications

2005 - Adrian Spalka, Armin B. Cremers, Marcel Winandy

Proceedings of the 2nd International Conference on E-Business and Telecommunication Networks (ICETE 2005), pp. 133-137, INSTICC, 2005.

Botnet Tracking: Exploring a Root-Cause Methodology to Prevent Distributed Denial-of-Service Attacks

2005 - Felix Freiling, Thorsten Holz, Georg Wicherski

European Symposium on Research in Computer Security (ESORICS), Milan, Italy, September 2005 [pdf]

A Pointillist Approach for Comparing Honeypots

2005 - Fabien Pouget, Thorsten Holz

Con­fe­rence on De­tec­tion of In­tru­si­ons and Mal­wa­re & Vul­nerabi­li­ty As­sess­ment (DIMVA), Vienna, Austria, July 2005 [pdf]

Detecting Honeypots and Other Suspicious Environments

2005 - Thorsten Holz, Frederic Raynal

IEEE In­for­ma­ti­on As­suran­ce Work­shop (IAW), West Point, NY, June 2005 [pdf]

A Short Visit to the Bot Zoo

2005 - Thorsten Holz

IEEE Security & Privacy, Volume 3, Issue 3, Pages 76-79, May 2005 [pdf]

New Aspects on Trusted Computing - New and Advanced Possibilities to Improve Security and Privacy

2005 - Ahmad-Reza Sadeghi, Marcel Winandy, Christian Stüble, Marcel Selhorst, Oska Senft

DuD Heft 9-05, Trusted Computing News.

Vulnerability Assessment using Honeypots

2004 - Maximillian Dornseif, Felix C. Gärtner, Thorsten Holz

PIK - Praxis der Informationsverarbeitung und Kommunikation, Volume 27, Issue 4, Pages 195-201, December 2004 [pdf]

NoSEBrEaK - Attacking Honeynets

2004 - Maximillian Dornseif, Thorsten Holz, Christian N. Klein

IEEE Information Assurance Workshop (IAW), West Point, NY, June 2004 [pdf]

Ermittlung von Verwundbarkeiten mit elektronischen Ködern

2004 - Maximillian Dornseif, Felix C. Gärtner, Thorsten Holz

Con­fe­rence on De­tec­tion of In­tru­si­ons and Mal­wa­re & Vul­nerabi­li­ty As­sess­ment (DIMVA), Dortmund, Germany, July 2004 [pdf]
Seite: