Software Security Analysis

Hobson T., Okhravi H., Bigelow D., Rudd R., and Streilein W., On the Challenges of Effective Movement, ACM CCS Moving Target Defense Workshop, November 2014.
(Full Paper)

Dolan-Gavitt, B., Hodosh, J., Hulin, P., Leek, T., Whelan, R. Repeatable Reverse Engineering for the Greater Good with PANDA, Technical Report TR CUCS-023-14, Columbia University, October, 2014.
(Report)

Alley Stoughton, Andrew Johnson, Samuel Beller, Karishma Chadha, Dennis Chen, Kenneth Foner, Michael Zhivich, You Sank My Battleship! A Case Study in Secure Programming, ACM Ninth Workshop on Programming Languages and Analysis for Security (PLAS 2014), Uppsala, Sweden, July 2014.
(Full Paper)

Whelan, R., Leek, T., Kaeli, D., Architecture-Independent Dynamic Information Flow Tracking, 22nd International Conference on Compiler Construction (CC 2013), Rome, Italy, March 2013.
(Full Paper)

Dolan-Gavitt, B., Leek, T., Zhivich, M., Giffin, J., Wenke, L. Virtuoso: Narrowing the Semantic Gap in Virtual Machine Introspection, IEEE Symposium on Security & Privacy, Oakland, CA, May 22, 2011.
(Full Paper)

Zhivich, M., Cunningham, R. The Real Cost of Software Errors, IEEE Security & Privacy, 7(2), March/April 2009.
(Journal Article)

Streilein, W. W., Kratkiewicz, K., Piwowarski, K., Webster, S., PANEMOTO: Network Visualization of Security Situational Awareness through Passive Analysis, 8th Annual IEEE SMC Information Assurance Workshop, West Point, New York, June 20-22, 2007.
(Full Paper)

Brown, R.E., Khazan, R.I., Zhivich, M.A., AWE: Improving Software Analysis through Modular Integration of Static and Dynamic Analyses. Program Analysis for Software Tools and Engineering, San Diego, CA, June 13-14, 2007.
(Full Paper)

Cunningham, R. K., Zhivich, M., Securing Process Control Systems of Today and Tomorrow, Critical Infrastructure Protection Conference, Hanover, NH. Mar. 19-21, 2007.
(Full Paper)

Leek, T.R., Baker, G.Z., Brown, R.E., Zhivich, M.A., Lippman, R.P., Coverage Maximization using Dynamic Taint Tracing, MIT Lincoln Laboratory TR-1112, March 2007.
(Full Paper)

Schechter, S., Ozment, A., The Security of Open BSD: Milk or Wine? ";login," published by Usenix: the Advanced Computing Systems, Berkeley, California, 23 December 2006.
(Full Paper)

Schechter, S., Ozment, A., Milk or Wine: Does Software Security Improve with Age? USENIX Security 2006, Vancouver, British Columbia, 31 July 2006.
(Full Paper)

Zhivich, M. A., Leek, T., Lippmann, R. P., Dynamic Buffer Overflow Detection, Workshop on the Evaluation of Software Defect Detection Tools, Chicago, Illinois, June 12, 2005.
(Full Paper)

Zhivich, M. A., Leek, T., Lippmann, R. P., Dynamic Buffer Overflow Detection Tools, Proceedings of Defining the State of the Art in Software Security Tools Workshop, NIST Special Publication 500-264, Eds. P. Black and E. Fong, National Institute of Standards and Technology, Pages 95–101, August 10, 2005.
(Full Paper)

Kratkiewicz, K. Evaluating Static Analysis Tools for Detecting Buffer Overflows in C Code. Master's Thesis, Harvard University, Cambridge, Massachusetts, March 2005.
(Full Thesis)

Kratkiewicz, K., Lippmann, R. A Taxonomy of Buffer Overflows for Evaluating Static and Dynamic Software Testing Tools. Proceedings of Workshop on Software Security Assurance Tools, Techniques, and Metrics, NIST Special Publication 500-265, Eds. P. E. Black, M. Kass and E. Fong, National Institute of Standards and Technology, Pages 44–51, 2005.
(Full Paper)

Kratkiewicz, K., Lippmann, R., Using a Diagnostic Corpus of C Programs to Evaluate Buffer Overflow Detection by Static Analysis Tools, BUGS05 Workshop on the Evaluation of Software Defect Detection Tools, Chicago, Illinois, 2005.
(Full Paper)

Kratkiewicz, K., Lippmann, R., Using a Diagnostic Corpus of C Programs to Evaluate Buffer Overflow Detection by Static Analysis Tools.  Proceedings of Defining the State of the Art in Software Security Tools Workshop, NIST Special Publication 500-264, Eds. P. E. Black and E. Fong, National Institute of Standards and Technology, Pages 102–111, 2005.
(Full Paper)

Leek, T., Lippmann, R., Zitser, M., Testing Static Analysis Tools Using Exploitable Buffer Overflows From Open-Source Code, Foundations of Software Engineering, Newport Beach, California, 31 October – 5 November 2004.
(Full Paper)

Zitser, M., Lippmann, R.P., and Leek, T., Testing Static Analysis Tools Using Exploitable Buffer Overflows From Open Source Code, Proceedings ACM Sigsoft 2004/FSE Foundations of Software Engineering Conference, 2004.
(Full Paper)

top of page