Metrics and System Security Analysis

Schulz, A., Kotson, M., Zipkin, J., Cyber Network Mission Dependencies, Technical Report TR-1189, MIT Lincoln Laboratory, Lexington, MA, 2015.
(Report)

Evans I., Long F., Otgonbaatar U., Shrobe H., Rinard M., Okhravi, H., and Sidiroglou-Douskos S., Control Jujutsu: On the Weaknesses of Fine-Grained Control Flow Integrity, Proceedings of ACM Conference on Computer and Communications Security (CCS), Denver, CO, October 2015.
(Full Paper)

Kotson, M., Schulz, A., Characterizing Phishing Threats with Natural Language Processing, 2015 IEEE CNS, Florence, Italy, September 2015.
(Full Paper)

Trepagnier, P., Schulz, A., Mission Assurance as a Function of Scale, NATO IST-128 Workshop on Mission Assurance, June 2015.
(Full Paper)

Evans I., Fingeret S., Gonzalez J., Otgonbaatar U., Tang T., Shrobe H., Sidiroglou-Douskos S., Rinard M., and Okhravi H., Missing the Point(er): On the Effectiveness of Code Pointer Integrity, Proceedings of the 36th IEEE Symposium on Security and Privacy (Oakland '15), San Jose, CA, May 2015.
(Full Paper)

Donovan P., McLamb J., Okhravi H., Riordan J., and Wright C., Quantitative Evaluation of Moving Target Technology, IEEE HST, May 2015.
(Full Paper)

M. Varia, S. Yakoubov and Y. Yang, HETest: A Homomorphic Encryption Testing Framework, Workshop on Applied Homomorphic Encryption, Financial Cryptography and Data Security 2015.
(Full Paper)

M. Varia, B. Price, N. Hwang, A. Hamlin, J. Herzog, J. Poland, M. Reschly, S. Yakoubov and R. K. Cunningham, Automated assessment of secure search systems, ACM SIGOPS Operating Systems Review 49 (1), 22-30, Jan 2015.
(Journal Article)

Seibert J., Okhravi H., and Soderstrom E., Information Leaks Without Memory Disclosures: Remote Side Channel Attacks on Diversified Code, Proceedings of the 21st ACM Conference on Computer and Communications Security (CCS '14), Scottsdale, AZ, November 2014.
(Full Paper)

Okhravi H., Riordan J., and Carter K., Quantitative Evaluation of Dynamic Platform Techniques as a Defensive Mechanism, Proceedings of the 17th International Symposium on Research in Attacks, Intrusions, and Defenses (RAID ’14), Lecture Notes in Computer Science (LNCS), September 2014.
(Full Paper)

S. Yakoubov, V. Gadepally, N. Schear, E. Shen and A. Yerukhimovich, A survey of cryptographic approaches to securing big-data analytics in the cloud, High Performance Extreme Computing Conference (HPEC), 2014 IEEE, 1-6, Sept 2014.
(Full Paper)

Herlands W., Hobson T., and Donovan P., Effective Entropy: Security-Centric Metric for Memory Randomization Techniques, Workshop on Cybersecurity Experimentation and Test, August 2014.
(Full Paper)

Hamlin, A., Herzog, J., A test-suite generator for database systems, High Performance Extreme Computing Conference (HPEC), 2014 IEEE, pp. 1-6, 2014.
(Full Paper)

Skowyra, R., Casteel, K., Okhravi, H., Zeldovich, N., Streilein, W., Systematic Analysis of Defenses Against Return-Oriented Programming, 16th International Symposium on Recent Advances in Intrusion Detection (RAID 2013), St. Lucia, October 2013.
(Full Paper)

Lippmann, R., Riordan, J., Yu, T., Watson, K., Continuous Security Metrics for Prevalent Network Threats: Introduction and First Four Metrics, Project Report IA-3, MIT Lincoln Laboratory, Lexington, MA, 22 May 2012.
(Project Report)

Okhravi, H., Johnson, A., Haines, J., Mayberry, T., Chan, A., Dedicated vs. Distributed: A Study of Mission Survivability Metrics, Proceedings of IEEE Military Communications Conference (MILCOM), Nov 2011.
(Full paper)

Dolan-Gavitt, B., Leek, T., Zhivich, M., Giffin, J., Wenke, L. Virtuoso: Narrowing the Semantic Gap in Virtual Machine Introspection, IEEE Symposium on Security & Privacy, Oakland, CA, May 22, 2011.
(Full Paper)

Okhravi, H., Bak, S., King, S., Design, Implementation and Evaluation of Covert Channel Attacks, Proceedings of the IEEE Conference on Homeland Security Technologies (IEEE HST '10), Waltham, MA , November 8-10, 2010.
(Full Paper)

Weaver, N., Paxson, V., Staniford, S., Cunningham, R. K., Large Scale Malicious Code: A Research Agenda, March 2003.
(Abstract)

 

top of page