Home

Awesome

Linux Security Papers

NOTE: Do NOT edit this file manually.

List of papers

#yearvenuetitleauthorslinks
12000ccsOperating system enhancements to prevent the misuse of system calls.Massimo Bernaschi, Emanuele Gabrielli, Luigi V. Mancinipaper BernaschiGM00
22000ndssUser-Level Infrastructure for System Call Interposition - A Platform for Intrusion Detection and Confinement.K. Jain, R. Sekarpaper JainS00
32000usenixSafety Checking of Kernel Extensions.Craig Metzpaper Metz00a
42003ndssTraps and Pitfalls - Practical Problems in System Call Interposition Based Security Tools.Tal, Garfinkelpaper Garfinkel03
52004ndssModel Checking One Million Lines of C Code.Hao Chen 0003, Drew Dean, David A. Wagner 0001paper ChenDW04
62004ndssOstia - A Delegating Architecture for Secure System Call Interposition.Tal Garfinkel, Ben Pfaff, Mendel Rosenblumpaper GarfinkelPR04
72004osdiRecovering Device Drivers (Awarded Best Paper!).Michael M. Swift, Muthukaruppan Annamalai, Brian N. Bershad, Henry M. Levypaper SwiftABL04
82004usenixTrusted Path Execution for the Linux 2.6 Kernel as a Linux Security Module.Niki A. Rahimipaper Rahimi04
92004ussFinding User/Kernel Pointer Bugs with Type Inference.Robert Johnson, David A. Wagner 0001paper JohnsonW04
102005ndssA Black-Box Tracing Technique to Identify Causes of Least-Privilege Incompatibilities.Shuo Chen, John Dunagan, Chad Verbowski, Yi-Min Wangpaper ChenDVW05
112006eurosysThorough static analysis of device drivers.Thomas Ball, Ella Bounimova, Byron Cook, Vladimir Levin, Jakob Lichtenberg, Con McGarvey, Bohus Ondrusek, Sriram K. Rajamani, Abdullah Ustunerpaper BallBCLLMORU06
122006osdiXFI - Software Guards for System Address Spaces.Úlfar Erlingsson, Martín Abadi, Michael Vrable, Mihai Budiu, George C. Neculapaper ErlingssonAVBN06
132007ccsAutomated detection of persistent kernel control-flow attacks.Nick L. Petroni Jr., Michael W. Hickspaper PetroniH07
142007eurosysSealing OS processes to improve dependability and safety.Galen C. Hunt, Mark Aiken, Manuel Fähndrich, Chris Hawblitzel, Orion Hodson, James R. Larus, Steven Levi, Bjarne Steensgaard, David Tarditi, Ted Wobberpaper HuntAFHHLLSTW07
152007sospInformation flow control for standard OS abstractions.Maxwell N. Krohn, Alexander Yip, Micah Z. Brodsky, Natan Cliffer, M. Frans Kaashoek, Eddie Kohler, Robert Tappan Morrispaper KrohnYBCKKM07
162007spUsable Mandatory Integrity Protection for Operating Systems.Ninghui Li, Ziqing Mao, Hong Chenpaper LiMC07
172007spLurking in the Shadows - Identifying Systemic Threats to Kernel Data.Arati Baliga, Pandurang Kamat, Liviu Iftodepaper BaligaKI07
182008eurosysManageable fine-grained information flow.Petros Efstathopoulos, Eddie Kohlerpaper EfstathopoulosK08
192008spPractical Proactive Integrity Preservation - A Basis for Malware Defense.Weiqing Sun, R. Sekar, Gaurav Poothia, Tejas Karandikarpaper SunSPK08
202008spVerifying the Safety of User Pointer Dereferences.Suhabe Bugrara, Alex Aikenpaper BugraraA08
212008ussReal-World Buffer Overflow Protection for Userspace and Kernelspace.Michael Dalton, Hari Kannan, Christos Kozyrakispaper DaltonKK08
222009ccsMapping kernel objects to enable systematic integrity checking.Martim Carbone, Weidong Cui, Long Lu, Wenke Lee, Marcus Peinado, Xuxian Jiangpaper CarboneCLLPJ09
232009ccsRobust signatures for kernel data structures.Brendan Dolan-Gavitt, Abhinav Srivastava, Patrick Traynor, Jonathon T. Giffinpaper Dolan-GavittSTG09
242009eurosysMulti-aspect profiling of kernel rootkit behavior.Ryan Riley, Xuxian Jiang, Dongyan Xupaper RileyJX09
252009ndssK-Tracer - A System for Extracting Kernel Malware Behavior.Andrea Lanzi, Monirul I. Sharif, Wenke Leepaper LanziSL09
262009ndssAnalyzing and Comparing the Protection Quality of Security Enhanced Operating Systems.Hong Chen, Ninghui Li, Ziqing Maopaper ChenLM09
272009ndssIntScope - Automatically Detecting Integer Overflow Vulnerability in X86 Binary Using Symbolic Execution.Tielei Wang, Tao Wei, Zhiqiang Lin, Wei Zoupaper WangWLZ09
282009usenixLinux Kernel Developer Responses to Static Analysis Bug Reports.Philip J. Guo, Dawson R. Englerpaper GuoE09
292009ussReturn-Oriented Rootkits - Bypassing Kernel Code Integrity Protection Mechanisms.Ralf Hund, Thorsten Holz, Felix C. Freilingpaper HundHF09
302010eurosysDefeating return-oriented rootkits with Return-Less kernels.Jinku Li, Zhi Wang 0004, Xuxian Jiang, Michael C. Grace, Sina Bahrampaper LiWJGB10
312010usenixTolerating Malicious Device Drivers in Linux.Silas Boyd-Wickizer, Nickolai Zeldovichpaper Boyd-WickizerZ10
322011ndssPractical Protection of Kernel Integrity for Commodity OS from Untrusted Extensions.Xi Xiong, Donghai Tian, Peng Liu 0005paper XiongTL11
332011ndssEfficient Monitoring of Untrusted Kernel-Mode Execution.Abhinav Srivastava, Jonathon T. Giffinpaper SrivastavaG11
342011ndssSigGraph - Brute Force Scanning of Kernel Data Structure Instances Using Graph-based Signatures.Zhiqiang Lin, Junghwan Rhee, Xiangyu Zhang 0001, Dongyan Xu, Xuxian Jiangpaper LinRZXJ11
352012ndssKruiser - Semi-synchronized Non-blocking Concurrent Kernel Heap Buffer Overflow Monitoring.Donghai Tian, Qiang Zeng 0001, Dinghao Wu, Peng Liu 0005, Changzhen Hupaper TianZW0H12
362012osdiImproving Integer Security for Systems with KINT.Xi Wang 0005, Haogang Chen 0001, Zhihao Jia, Nickolai Zeldovich, M. Frans Kaashoekpaper WangCJZK12
372012spSmashing the Gadgets - Hindering Return-Oriented Programming Using In-place Code Randomization.Vasilis Pappas, Michalis Polychronakis, Angelos D. Keromytispaper PappasPK12
382012ussEnhanced Operating System Security Through Efficient and Fine-grained Address Space Randomization.Cristiano Giuffrida, Anton Kuijsten, Andrew S. Tanenbaumpaper GiuffridaKT12
392013eurosysProcess firewalls - protecting processes during resource access.Hayawardh Vijayakumar, Joshua Schiffman, Trent Jaegerpaper VijayakumarSJ13
402013ndssAttack Surface Metrics and Automated Compile-Time OS Kernel Tailoring.Anil Kurmus, Reinhard Tartler, Daniela Dorneanu, Bernhard Heinloth, Valentin Rothberg, Andreas Ruprecht, Wolfgang Schröder-Preikschat, Daniel Lohmann, Rüdiger Kapitzapaper KurmusTDHRRSLK13
412013spSoK - Eternal War in Memory.Laszlo Szekeres, Mathias Payer, Tao Wei, Dawn Songpaper SzekeresPWS13
422013spJust-In-Time Code Reuse - On the Effectiveness of Fine-Grained Address Space Layout Randomization.Kevin Z. Snow, Fabian Monrose, Lucas Davi, Alexandra Dmitrienko, Christopher Liebchen, Ahmad-Reza Sadeghipaper SnowMDDLS13
432014ccsA Tale of Two Kernels - Towards Ending Kernel Hardening Wars with Split Kernel.Anil Kurmus, Robby Zippelpaper KurmusZ14
442014ndssROPecker - A Generic and Practical Approach For Defending Against ROP Attacks.Yueqiang Cheng, Zongwei Zhou, Miao Yu, Xuhua Ding, Robert H. Dengpaper ChengZYDD14
452014osdiJitk - A Trustworthy In-Kernel Interpreter Infrastructure.Xi Wang 0005, David Lazar, Nickolai Zeldovich, Adam Chlipala, Zachary Tatlockpaper WangLZCT14
462014spKCoFI - Complete Control-Flow Integrity for Commodity Operating System Kernels.John Criswell, Nathan Dautenhahn, Vikram S. Advepaper CriswellDA14
472014spDancing with Giants - Wimpy Kernels for On-Demand Isolated I/O.Zongwei Zhou, Miao Yu, Virgil D. Gligorpaper ZhouYG14
482014usenixStatic Analysis of Variability in System Software - The 90, 000 #ifdefs Issue.Reinhard Tartler, Christian Dietrich 0001, Julio Sincero, Wolfgang Schröder-Preikschat, Daniel Lohmannpaper TartlerDSSL14
492015ndssPreventing Use-after-free with Dangling Pointers Nullification.Byoungyoung Lee, Chengyu Song, Yeongjin Jang, Tielei Wang, Taesoo Kim, Long Lu, Wenke Leepaper LeeSJWKLL15
502016ccsPrefetch Side-Channel Attacks - Bypassing SMAP and Kernel ASLR.Daniel Gruss, Clémentine Maurice, Anders Fogh, Moritz Lipp, Stefan Mangardpaper GrussMFLM16
512016ccsBreaking Kernel Address Space Layout Randomization with Intel TSX.Yeongjin Jang, Sangho Lee 0001, Taesoo Kimpaper JangLK16
522016ccsUniSan - Proactive Kernel Memory Initialization to Eliminate Data Leakages.Kangjie Lu, Chengyu Song, Taesoo Kim, Wenke Leepaper LuSKL16
532016ndssEnforcing Kernel Security Invariants with Data Flow Integrity.Chengyu Song, Byoungyoung Lee, Kangjie Lu, William Harris, Taesoo Kim, Wenke Leepaper SongLLHKL16
542016osdiLight-Weight Contexts - An OS Abstraction for Safety and Performance.James Litton, Anjo Vahldiek-Oberwagner, Eslam Elnikety, Deepak Garg 0001, Bobby Bhattacharjee, Peter Druschelpaper LittonVE0BD16
552016osdiEbbRT - A Framework for Building Per-Application Library Operating Systems.Dan Schatzberg, James Cadden, Han Dong, Orran Krieger, Jonathan Appavoopaper SchatzbergCDKA16
562017ccsFreeGuard - A Faster Secure Heap Allocator.Sam Silvestro, Hongyu Liu, Corey Crosser, Zhiqiang Lin, Tongping Liupaper SilvestroLCLL17
572017eurosysDangSan - Scalable Use-after-free Detection.Erik van der Kouwe, Vinod Nigade, Cristiano Giuffridapaper KouweNG17
582017eurosysA Characterization of State Spill in Modern Operating Systems.Kevin Boos, Emilio Del Vecchio, Lin Zhong 0001paper BoosVZ17
592017eurosyskRX - Comprehensive Kernel Protection against Just-In-Time Code Reuse.Marios Pomonis, Theofilos Petsios, Angelos D. Keromytis, Michalis Polychronakis, Vasileios P. Kemerlispaper PomonisPKPK17
602017ndssPT-Rand - Practical Mitigation of Data-only Attacks against Page Tables.Lucas Davi, David Gens, Christopher Liebchen, Ahmad-Reza Sadeghipaper DaviGLS17
612017ndssUnleashing Use-Before-Initialization Vulnerabilities in the Linux Kernel Using Targeted Stack Spraying.Kangjie Lu, Marie-Therese Walter, David Pfaff, Stefan Nümberger, Wenke Lee, Michael Backes 0001paper LuWPNL017
622017spNORAX - Enabling Execute-Only Memory for COTS Binaries on AArch64.Yaohui Chen, Dongli Zhang, Ruowen Wang, Rui Qiao, Ahmed M. Azab, Long Lu, Hayawardh Vijayakumar, Wenbo Shenpaper ChenZWQALVS17
632017usenixLock-in-Pop - Securing Privileged Operating System Kernels by Keeping on the Beaten Path.Yiwen Li, Brendan Dolan-Gavitt, Sam Weber, Justin Cappospaper LiDWC17
642018ndssK-Miner - Uncovering Memory Corruption in Linux.David Gens, Simon Schmitt, Lucas Davi, Ahmad-Reza Sadeghipaper GensSDS18
652018spPrecise and Scalable Detection of Double-Fetch Bugs in OS Kernels.Meng Xu, Chenxiong Qian, Kangjie Lu, Michael Backes 0001, Taesoo Kimpaper XuQL0K18
662019spLBM - A Security Framework for Peripherals within the Linux Kernel.Dave Jing Tian, Grant Hernandez, Joseph I. Choi, Vanessa Frost, Peter C. Johnson 0001, Kevin R. B. Butlerpaper TianHCFJB19
672019spSoK - Shining Light on Shadow Stacks.Nathan Burow, Xinping Zhang, Mathias Payerpaper BurowZP19
682019spSoK - Sanitizing for Security.Dokyung Song, Julian Lettner, Prabhu Rajasekaran, Yeoul Na, Stijn Volckaert, Per Larsen, Michael Franzpaper SongLRNVLF19
692019usenixEffective Static Analysis of Concurrency Use-After-Free Bugs in Linux Device Drivers.Jia-Ju Bai, Julia Lawall, Qiu-Liang Chen, Shi-Min Hu 0001paper BaiLCH19
702019usenixLXDs - Towards Isolation of Kernel Subsystems.Vikram Narayanan, Abhiram Balasubramanian, Charlie Jacobsen, Sarah Spall, Scotty Bauer, Michael Quigley, Aftab Hussain, Abdullah Younis, Junjie Shen, Moinak Bhattacharyya, Anton Burtsevpaper NarayananBJSBQH19