Manuel Egele
YOU?
Author Swipe
View article: EmbedFuzz: High Speed Fuzzing Through Transplantation
EmbedFuzz: High Speed Fuzzing Through Transplantation Open
Dynamic analysis and especially fuzzing are challenging tasks for embedded firmware running on modern low-end Microcontroller Units (MCUs) due to performance overheads from instruction emulation, the difficulty of emulating the vast space …
View article: SURGEON: Performant, Flexible, and Accurate Re-Hosting via Transplantation
SURGEON: Performant, Flexible, and Accurate Re-Hosting via Transplantation Open
Dynamic analysis of microcontroller-based embedded firmware remains challenging. The general lack of source code availability for Commercial-off-the-shelf (COTS) firmware prevents powerful source-based instrumentation and prohibits compili…
View article: Dataset Artifact for Prodigy: Towards Unsupervised Anomaly Detection in Production HPC Systems
Dataset Artifact for Prodigy: Towards Unsupervised Anomaly Detection in Production HPC Systems Open
The dataset contains a small set of application runs from Eclipse supercomputer. The applications run with and without synthetic HPC performance anomalies. More detailed information regarding synthetic anomalies can be found at: https://gi…
View article: Dataset Artifact for Prodigy: Towards Unsupervised Anomaly Detection in Production HPC Systems
Dataset Artifact for Prodigy: Towards Unsupervised Anomaly Detection in Production HPC Systems Open
The dataset contains a small set of application runs from Eclipse supercomputer. The applications run with and without synthetic HPC performance anomalies. More detailed information regarding synthetic anomalies can be found at: https://gi…
View article: ThreadLock: Native Principal Isolation Through Memory Protection Keys
ThreadLock: Native Principal Isolation Through Memory Protection Keys Open
Inter-process isolation has been deployed in operating systems for decades, but secure intra-process isolation remains an active research topic. Achieving secure intra-process isolation within an operating system process is notoriously dif…
View article: Evocatio
Evocatio Open
The popularity of coverage-guided greybox fuzzers has led to a tsunami of security-critical bugs that developers must prioritize and fix. Knowing the capabilities a bug exposes (e.g., type of vulnerability, number of bytes read/written) en…
View article: ProcessorFuzz: Guiding Processor Fuzzing using Control and Status Registers
ProcessorFuzz: Guiding Processor Fuzzing using Control and Status Registers Open
As the complexity of modern processors has increased over the years, developing effective verification strategies to identify bugs prior to manufacturing has become critical. Undiscovered micro-architectural bugs in processors can manifest…
View article: HotFuzz: Discovering Temporal and Spatial Denial-of-Service Vulnerabilities Through Guided Micro-Fuzzing
HotFuzz: Discovering Temporal and Spatial Denial-of-Service Vulnerabilities Through Guided Micro-Fuzzing Open
Fuzz testing repeatedly assails software with random inputs in order to trigger unexpected program behaviors, such as crashes or timeouts, and has historically revealed serious security vulnerabilities. In this article, we present HotFuzz,…
View article: Polytope: Practical Memory Access Control for C++ Applications
Polytope: Practical Memory Access Control for C++ Applications Open
Designing and implementing secure software is inarguably more important than ever. However, despite years of research into privilege separating programs, it remains difficult to actually do so and such efforts can take years of labor-inten…
View article: Using Monitoring Data to Improve HPC Performance via Network-Data-Driven Allocation
Using Monitoring Data to Improve HPC Performance via Network-Data-Driven Allocation Open
On high-performance computing (HPC) systems, job allocation strategies control the placement of a job among available nodes. As the placement changes a job's communication performance, allocation can significantly affects execution times o…
View article: SoK: Enabling Security Analyses of Embedded Systems via Rehosting
SoK: Enabling Security Analyses of Embedded Systems via Rehosting Open
Closely monitoring the behavior of a software system during its execution enables developers and analysts to observe, and ultimately understand, how it works. This kind of dynamic analysis can be instrumental to reverse engineering, vulner…
View article: To Err.Is Human: Characterizing the Threat of Unintended URLs in Social Media
To Err.Is Human: Characterizing the Threat of Unintended URLs in Social Media Open
To make their services more user friendly, online social media platforms automatically identify text that corresponds to URLs and render it as clickable links.In this paper, we show that the techniques used by such services to recognize UR…
View article: Efficient Sealable Protection Keys for RISC-V
Efficient Sealable Protection Keys for RISC-V Open
With the continuous increase in the number of software-based attacks, there has been a growing effort towards isolating sensitive data and trusted software components from untrusted third-party components. A hardware-assisted intra-process…
View article: Meddling Middlemen: Empirical Analysis of the Risks of Data-Saving Mobile Browsers
Meddling Middlemen: Empirical Analysis of the Risks of Data-Saving Mobile Browsers Open
Mobile browsers have become one of the main mediators of our online activities. However, as web pages continue to increase in size and streaming media on-the-go has become commonplace, mobile data plan constraints remain a significant conc…
View article: Studying the Privacy Issues of the Incorrect Use of the Feature Policy
Studying the Privacy Issues of the Incorrect Use of the Feature Policy Open
In addition to rendering HTML and providing Web access, Web browsers offer auxiliary features (e.g., camera, geolocation, microphone etc.) that can be used while browsing.Some of these features access sensitive information such as camera i…
View article: The Art, Science, and Engineering of Fuzzing: A Survey
The Art, Science, and Engineering of Fuzzing: A Survey Open
Among the many software vulnerability discovery techniques available today, fuzzing has remained highly popular due to its conceptual simplicity, its low barrier to deployment, and its vast amount of empirical evidence in discovering real-…
View article: Fuzzing: Art, Science, and Engineering.
Fuzzing: Art, Science, and Engineering. Open
Among the many software vulnerability discovery techniques available today, fuzzing has remained highly popular due to its conceptual simplicity, its low barrier to deployment, and its vast amount of empirical evidence in discovering real-…
View article: Online Diagnosis of Performance Variation in HPC Systems Using Machine Learning
Online Diagnosis of Performance Variation in HPC Systems Using Machine Learning Open
As the size and complexity of HPC systems grow in line with advancements in hardware and software technology, HPC systems increasingly suffer from performance variation due to shared resource contention as well as software- and hardware-re…
View article: Artifact for Taxonomist: Application Detection through Rich Monitoring Data
Artifact for Taxonomist: Application Detection through Rich Monitoring Data Open
Code, documentation, data and Jupyter Notebook associated with the publication "Taxonomist: Application Detection Through Rich Monitoring Data" for the European Conference on Parallel Processing 2018.The related study develops a technique …
View article: What's in a Name?
What's in a Name? Open
Users on Twitter are commonly identified by their profile names. These names are used when directly addressing users on Twitter, are part of their profile page URLs, and can become a trademark for popular accounts, with people referring to…
View article: What's in a Name? Understanding Profile Name Reuse on Twitter
What's in a Name? Understanding Profile Name Reuse on Twitter Open
Users on Twitter are commonly identified by their profile names. These names are used when directly addressing users on Twitter, are part of their profile page URLs, and can become a trademark for popular accounts, with people referring to…