├── .gitignore ├── data └── papers.csv ├── newpapers.txt ├── papers ├── __init__.py ├── __main__.py ├── classmodule.py └── funcmodule.py ├── readme.md └── setup.py /.gitignore: -------------------------------------------------------------------------------- 1 | # Byte-compiled / optimized / DLL files 2 | __pycache__/ 3 | *.py[cod] 4 | *$py.class 5 | 6 | # C extensions 7 | *.so 8 | 9 | # Distribution / packaging 10 | .Python 11 | build/ 12 | develop-eggs/ 13 | dist/ 14 | downloads/ 15 | eggs/ 16 | .eggs/ 17 | lib/ 18 | lib64/ 19 | parts/ 20 | sdist/ 21 | var/ 22 | wheels/ 23 | pip-wheel-metadata/ 24 | share/python-wheels/ 25 | *.egg-info/ 26 | .installed.cfg 27 | *.egg 28 | MANIFEST 29 | 30 | # PyInstaller 31 | # Usually these files are written by a python script from a template 32 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 33 | *.manifest 34 | *.spec 35 | 36 | # Installer logs 37 | pip-log.txt 38 | pip-delete-this-directory.txt 39 | 40 | # Unit test / coverage reports 41 | htmlcov/ 42 | .tox/ 43 | .nox/ 44 | .coverage 45 | .coverage.* 46 | .cache 47 | nosetests.xml 48 | coverage.xml 49 | *.cover 50 | .hypothesis/ 51 | .pytest_cache/ 52 | 53 | # Translations 54 | *.mo 55 | *.pot 56 | 57 | # Django stuff: 58 | *.log 59 | local_settings.py 60 | db.sqlite3 61 | db.sqlite3-journal 62 | 63 | # Flask stuff: 64 | instance/ 65 | .webassets-cache 66 | 67 | # Scrapy stuff: 68 | .scrapy 69 | 70 | # Sphinx documentation 71 | docs/_build/ 72 | 73 | # PyBuilder 74 | target/ 75 | 76 | # Jupyter Notebook 77 | .ipynb_checkpoints 78 | 79 | # IPython 80 | profile_default/ 81 | ipython_config.py 82 | 83 | # pyenv 84 | .python-version 85 | 86 | # pipenv 87 | # According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. 88 | # However, in case of collaboration, if having platform-specific dependencies or dependencies 89 | # having no cross-platform support, pipenv may install dependencies that don't work, or not 90 | # install all needed dependencies. 91 | #Pipfile.lock 92 | 93 | # celery beat schedule file 94 | celerybeat-schedule 95 | 96 | # SageMath parsed files 97 | *.sage.py 98 | 99 | # Environments 100 | .env 101 | .venv 102 | env/ 103 | venv/ 104 | ENV/ 105 | env.bak/ 106 | venv.bak/ 107 | 108 | # Spyder project settings 109 | .spyderproject 110 | .spyproject 111 | 112 | # Rope project settings 113 | .ropeproject 114 | 115 | # mkdocs documentation 116 | /site 117 | 118 | # mypy 119 | .mypy_cache/ 120 | .dmypy.json 121 | dmypy.json 122 | 123 | # Pyre type checker 124 | .pyre/ 125 | 126 | ## 127 | pdfs 128 | notability 129 | -------------------------------------------------------------------------------- /data/papers.csv: -------------------------------------------------------------------------------- 1 | year venue id title authors doi url dblp 2 | 2007 sp LiMC07 Usable Mandatory Integrity Protection for Operating Systems. Ninghui Li, Ziqing Mao, Hong Chen 10.1109/SP.2007.37 https://doi.org/10.1109/SP.2007.37 https://dblp.org/rec/conf/sp/LiMC07 3 | 2007 sp BaligaKI07 Lurking in the Shadows - Identifying Systemic Threats to Kernel Data. Arati Baliga, Pandurang Kamat, Liviu Iftode 10.1109/SP.2007.25 https://doi.org/10.1109/SP.2007.25 https://dblp.org/rec/conf/sp/BaligaKI07 4 | 2008 sp SunSPK08 Practical Proactive Integrity Preservation - A Basis for Malware Defense. Weiqing Sun, R. Sekar, Gaurav Poothia, Tejas Karandikar 10.1109/SP.2008.35 https://doi.org/10.1109/SP.2008.35 https://dblp.org/rec/conf/sp/SunSPK08 5 | 2008 sp BugraraA08 Verifying the Safety of User Pointer Dereferences. Suhabe Bugrara, Alex Aiken 10.1109/SP.2008.15 https://doi.org/10.1109/SP.2008.15 https://dblp.org/rec/conf/sp/BugraraA08 6 | 2012 sp PappasPK12 Smashing the Gadgets - Hindering Return-Oriented Programming Using In-place Code Randomization. Vasilis Pappas, Michalis Polychronakis, Angelos D. Keromytis 10.1109/SP.2012.41 https://doi.org/10.1109/SP.2012.41 https://dblp.org/rec/conf/sp/PappasPK12 7 | 2013 sp SzekeresPWS13 SoK - Eternal War in Memory. Laszlo Szekeres, Mathias Payer, Tao Wei, Dawn Song 10.1109/SP.2013.13 https://doi.org/10.1109/SP.2013.13 https://dblp.org/rec/conf/sp/SzekeresPWS13 8 | 2013 sp SnowMDDLS13 Just-In-Time Code Reuse - On the Effectiveness of Fine-Grained Address Space Layout Randomization. Kevin Z. Snow, Fabian Monrose, Lucas Davi, Alexandra Dmitrienko, Christopher Liebchen, Ahmad-Reza Sadeghi 10.1109/SP.2013.45 https://doi.org/10.1109/SP.2013.45 https://dblp.org/rec/conf/sp/SnowMDDLS13 9 | 2014 sp CriswellDA14 KCoFI - Complete Control-Flow Integrity for Commodity Operating System Kernels. John Criswell, Nathan Dautenhahn, Vikram S. Adve 10.1109/SP.2014.26 https://doi.org/10.1109/SP.2014.26 https://dblp.org/rec/conf/sp/CriswellDA14 10 | 2014 sp ZhouYG14 Dancing with Giants - Wimpy Kernels for On-Demand Isolated I/O. Zongwei Zhou, Miao Yu, Virgil D. Gligor 10.1109/SP.2014.27 https://doi.org/10.1109/SP.2014.27 https://dblp.org/rec/conf/sp/ZhouYG14 11 | 2017 sp ChenZWQALVS17 NORAX - Enabling Execute-Only Memory for COTS Binaries on AArch64. Yaohui Chen, Dongli Zhang, Ruowen Wang, Rui Qiao, Ahmed M. Azab, Long Lu, Hayawardh Vijayakumar, Wenbo Shen 10.1109/SP.2017.30 https://doi.org/10.1109/SP.2017.30 https://dblp.org/rec/conf/sp/ChenZWQALVS17 12 | 2019 sp TianHCFJB19 LBM - A Security Framework for Peripherals within the Linux Kernel. Dave Jing Tian, Grant Hernandez, Joseph I. Choi, Vanessa Frost, Peter C. Johnson 0001, Kevin R. B. Butler 10.1109/SP.2019.00041 https://doi.org/10.1109/SP.2019.00041 https://dblp.org/rec/conf/sp/TianHCFJB19 13 | 2019 sp BurowZP19 SoK - Shining Light on Shadow Stacks. Nathan Burow, Xinping Zhang, Mathias Payer 10.1109/SP.2019.00076 https://doi.org/10.1109/SP.2019.00076 https://dblp.org/rec/conf/sp/BurowZP19 14 | 2019 sp SongLRNVLF19 SoK - Sanitizing for Security. Dokyung Song, Julian Lettner, Prabhu Rajasekaran, Yeoul Na, Stijn Volckaert, Per Larsen, Michael Franz 10.1109/SP.2019.00010 https://doi.org/10.1109/SP.2019.00010 https://dblp.org/rec/conf/sp/SongLRNVLF19 15 | 2018 sp XuQL0K18 Precise and Scalable Detection of Double-Fetch Bugs in OS Kernels. Meng Xu, Chenxiong Qian, Kangjie Lu, Michael Backes 0001, Taesoo Kim 10.1109/SP.2018.00017 https://doi.org/10.1109/SP.2018.00017 https://dblp.org/rec/conf/sp/XuQL0K18 16 | 2000 ndss JainS00 User-Level Infrastructure for System Call Interposition - A Platform for Intrusion Detection and Confinement. K. Jain, R. Sekar https://www.ndss-symposium.org/ndss2000/user-level-infrastructure-system-call-interposition-platform-intrusion-detection-and-confinement/ https://dblp.org/rec/conf/ndss/JainS00 17 | 2003 ndss Garfinkel03 Traps and Pitfalls - Practical Problems in System Call Interposition Based Security Tools. Tal, Garfinkel https://www.ndss-symposium.org/ndss2003/traps-and-pitfalls-practical-problems-system-call-interposition-based-security-tools/ https://dblp.org/rec/conf/ndss/Garfinkel03 18 | 2004 ndss ChenDW04 Model Checking One Million Lines of C Code. Hao Chen 0003, Drew Dean, David A. Wagner 0001 https://www.ndss-symposium.org/ndss2004/model-checking-one-million-lines-c-code/ https://dblp.org/rec/conf/ndss/ChenDW04 19 | 2004 ndss GarfinkelPR04 Ostia - A Delegating Architecture for Secure System Call Interposition. Tal Garfinkel, Ben Pfaff, Mendel Rosenblum https://www.ndss-symposium.org/ndss2004/ostia-delegating-architecture-secure-system-call-interposition/ https://dblp.org/rec/conf/ndss/GarfinkelPR04 20 | 2005 ndss ChenDVW05 A Black-Box Tracing Technique to Identify Causes of Least-Privilege Incompatibilities. Shuo Chen, John Dunagan, Chad Verbowski, Yi-Min Wang https://www.ndss-symposium.org/ndss2005/black-box-tracing-technique-identify-causes-least-privilege-incompatibilities/ https://dblp.org/rec/conf/ndss/ChenDVW05 21 | 2009 ndss LanziSL09 K-Tracer - A System for Extracting Kernel Malware Behavior. Andrea Lanzi, Monirul I. Sharif, Wenke Lee https://www.ndss-symposium.org/ndss2009/k-tracer-system-extracting-kernel-malware-behavior/ https://dblp.org/rec/conf/ndss/LanziSL09 22 | 2009 ndss ChenLM09 Analyzing and Comparing the Protection Quality of Security Enhanced Operating Systems. Hong Chen, Ninghui Li, Ziqing Mao https://www.ndss-symposium.org/ndss2009/analyzing-and-comparing-the-protection-quality-of-security-enhanced-operating-systems/ https://dblp.org/rec/conf/ndss/ChenLM09 23 | 2009 ndss WangWLZ09 IntScope - Automatically Detecting Integer Overflow Vulnerability in X86 Binary Using Symbolic Execution. Tielei Wang, Tao Wei, Zhiqiang Lin, Wei Zou https://www.ndss-symposium.org/ndss2009/intscope-automatically-detecting-integer-overflow-vulnerability-in-x86-binary-using-symbolic-execution/ https://dblp.org/rec/conf/ndss/WangWLZ09 24 | 2011 ndss XiongTL11 Practical Protection of Kernel Integrity for Commodity OS from Untrusted Extensions. Xi Xiong, Donghai Tian, Peng Liu 0005 https://www.ndss-symposium.org/ndss2011/practical-protection-of-kernel-integrity-for-commodity-os-from-untrusted-extensions https://dblp.org/rec/conf/ndss/XiongTL11 25 | 2011 ndss SrivastavaG11 Efficient Monitoring of Untrusted Kernel-Mode Execution. Abhinav Srivastava, Jonathon T. Giffin https://www.ndss-symposium.org/ndss2011/efficient-monitoring-untrusted-kernel-mode-execution https://dblp.org/rec/conf/ndss/SrivastavaG11 26 | 2011 ndss LinRZXJ11 SigGraph - Brute Force Scanning of Kernel Data Structure Instances Using Graph-based Signatures. Zhiqiang Lin, Junghwan Rhee, Xiangyu Zhang 0001, Dongyan Xu, Xuxian Jiang https://www.ndss-symposium.org/ndss2011/siggraph-brute-force-scanning-of-kernel-data-structure-instances-using-graph-based-signatures https://dblp.org/rec/conf/ndss/LinRZXJ11 27 | 2012 ndss TianZW0H12 Kruiser - Semi-synchronized Non-blocking Concurrent Kernel Heap Buffer Overflow Monitoring. Donghai Tian, Qiang Zeng 0001, Dinghao Wu, Peng Liu 0005, Changzhen Hu https://www.ndss-symposium.org/ndss2012/kruiser-semi-synchronized-non-blocking-concurrent-kernel-heap-buffer-overflow-monitoring https://dblp.org/rec/conf/ndss/TianZW0H12 28 | 2013 ndss KurmusTDHRRSLK13 Attack Surface Metrics and Automated Compile-Time OS Kernel Tailoring. Anil Kurmus, Reinhard Tartler, Daniela Dorneanu, Bernhard Heinloth, Valentin Rothberg, Andreas Ruprecht, Wolfgang Schröder-Preikschat, Daniel Lohmann, Rüdiger Kapitza https://www.ndss-symposium.org/ndss2013/attack-surface-metrics-and-automated-compile-time-os-kernel-tailoring https://dblp.org/rec/conf/ndss/KurmusTDHRRSLK13 29 | 2014 ndss ChengZYDD14 ROPecker - A Generic and Practical Approach For Defending Against ROP Attacks. Yueqiang Cheng, Zongwei Zhou, Miao Yu, Xuhua Ding, Robert H. Deng https://www.ndss-symposium.org/ndss2014/ropecker-generic-and-practical-approach-defending-against-rop-attacks https://dblp.org/rec/conf/ndss/ChengZYDD14 30 | 2015 ndss LeeSJWKLL15 Preventing Use-after-free with Dangling Pointers Nullification. Byoungyoung Lee, Chengyu Song, Yeongjin Jang, Tielei Wang, Taesoo Kim, Long Lu, Wenke Lee https://www.ndss-symposium.org/ndss2015/preventing-use-after-free-dangling-pointers-nullification https://dblp.org/rec/conf/ndss/LeeSJWKLL15 31 | 2016 ndss SongLLHKL16 Enforcing Kernel Security Invariants with Data Flow Integrity. Chengyu Song, Byoungyoung Lee, Kangjie Lu, William Harris, Taesoo Kim, Wenke Lee http://wp.internetsociety.org/ndss/wp-content/uploads/sites/25/2017/09/enforcing-kernal-security-invariants-data-flow-integrity.pdf https://dblp.org/rec/conf/ndss/SongLLHKL16 32 | 2017 ndss DaviGLS17 PT-Rand - Practical Mitigation of Data-only Attacks against Page Tables. Lucas Davi, David Gens, Christopher Liebchen, Ahmad-Reza Sadeghi https://www.ndss-symposium.org/ndss2017/ndss-2017-programme/pt-rand-practical-mitigation-data-only-attacks-against-page-tables/ https://dblp.org/rec/conf/ndss/DaviGLS17 33 | 2017 ndss LuWPNL017 Unleashing Use-Before-Initialization Vulnerabilities in the Linux Kernel Using Targeted Stack Spraying. Kangjie Lu, Marie-Therese Walter, David Pfaff, Stefan Nümberger, Wenke Lee, Michael Backes 0001 https://www.ndss-symposium.org/ndss2017/ndss-2017-programme/unleashing-use-initialization-vulnerabilities-linux-kernel-using-targeted-stack-spraying/ https://dblp.org/rec/conf/ndss/LuWPNL017 34 | 2018 ndss GensSDS18 K-Miner - Uncovering Memory Corruption in Linux. David Gens, Simon Schmitt, Lucas Davi, Ahmad-Reza Sadeghi http://wp.internetsociety.org/ndss/wp-content/uploads/sites/25/2018/02/ndss2018_05A-1_Gens_paper.pdf https://dblp.org/rec/conf/ndss/GensSDS18 35 | 2004 osdi SwiftABL04 Recovering Device Drivers (Awarded Best Paper!). Michael M. Swift, Muthukaruppan Annamalai, Brian N. Bershad, Henry M. Levy http://www.usenix.org/events/osdi04/tech/swift.html https://dblp.org/rec/conf/osdi/SwiftABL04 36 | 2006 osdi ErlingssonAVBN06 XFI - Software Guards for System Address Spaces. Úlfar Erlingsson, Martín Abadi, Michael Vrable, Mihai Budiu, George C. Necula http://www.usenix.org/events/osdi06/tech/erlingsson.html https://dblp.org/rec/conf/osdi/ErlingssonAVBN06 37 | 2012 osdi WangCJZK12 Improving Integer Security for Systems with KINT. Xi Wang 0005, Haogang Chen 0001, Zhihao Jia, Nickolai Zeldovich, M. Frans Kaashoek https://www.usenix.org/conference/osdi12/technical-sessions/presentation/wang https://dblp.org/rec/conf/osdi/WangCJZK12 38 | 2014 osdi WangLZCT14 Jitk - A Trustworthy In-Kernel Interpreter Infrastructure. Xi Wang 0005, David Lazar, Nickolai Zeldovich, Adam Chlipala, Zachary Tatlock https://www.usenix.org/conference/osdi14/technical-sessions/presentation/wang_xi https://dblp.org/rec/conf/osdi/WangLZCT14 39 | 2016 osdi LittonVE0BD16 Light-Weight Contexts - An OS Abstraction for Safety and Performance. James Litton, Anjo Vahldiek-Oberwagner, Eslam Elnikety, Deepak Garg 0001, Bobby Bhattacharjee, Peter Druschel https://www.usenix.org/conference/osdi16/technical-sessions/presentation/litton https://dblp.org/rec/conf/osdi/LittonVE0BD16 40 | 2016 osdi SchatzbergCDKA16 EbbRT - A Framework for Building Per-Application Library Operating Systems. Dan Schatzberg, James Cadden, Han Dong, Orran Krieger, Jonathan Appavoo https://www.usenix.org/conference/osdi16/technical-sessions/presentation/schatzberg https://dblp.org/rec/conf/osdi/SchatzbergCDKA16 41 | 2000 usenix Metz00a Safety Checking of Kernel Extensions. Craig Metz http://www.usenix.org/publications/library/proceedings/usenix2000/freenix/metzsafety.html https://dblp.org/rec/conf/usenix/Metz00a 42 | 2004 usenix Rahimi04 Trusted Path Execution for the Linux 2.6 Kernel as a Linux Security Module. Niki A. Rahimi http://www.usenix.org/publications/library/proceedings/usenix04/tech/freenix/rahimi.html https://dblp.org/rec/conf/usenix/Rahimi04 43 | 2009 usenix GuoE09 Linux Kernel Developer Responses to Static Analysis Bug Reports. Philip J. Guo, Dawson R. Engler https://www.usenix.org/conference/usenix-09/linux-kernel-developer-responses-static-analysis-bug-reports https://dblp.org/rec/conf/usenix/GuoE09 44 | 2010 usenix Boyd-WickizerZ10 Tolerating Malicious Device Drivers in Linux. Silas Boyd-Wickizer, Nickolai Zeldovich https://www.usenix.org/conference/usenix-atc-10/tolerating-malicious-device-drivers-linux https://dblp.org/rec/conf/usenix/Boyd-WickizerZ10 45 | 2014 usenix TartlerDSSL14 Static Analysis of Variability in System Software - The 90, 000 #ifdefs Issue. Reinhard Tartler, Christian Dietrich 0001, Julio Sincero, Wolfgang Schröder-Preikschat, Daniel Lohmann https://www.usenix.org/conference/atc14/technical-sessions/presentation/tartler https://dblp.org/rec/conf/usenix/TartlerDSSL14 46 | 2017 usenix LiDWC17 Lock-in-Pop - Securing Privileged Operating System Kernels by Keeping on the Beaten Path. Yiwen Li, Brendan Dolan-Gavitt, Sam Weber, Justin Cappos https://www.usenix.org/conference/atc17/technical-sessions/presentation/li-yiwen https://dblp.org/rec/conf/usenix/LiDWC17 47 | 2019 usenix BaiLCH19 Effective Static Analysis of Concurrency Use-After-Free Bugs in Linux Device Drivers. Jia-Ju Bai, Julia Lawall, Qiu-Liang Chen, Shi-Min Hu 0001 https://www.usenix.org/conference/atc19/presentation/bai https://dblp.org/rec/conf/usenix/BaiLCH19 48 | 2019 usenix NarayananBJSBQH19 LXDs - Towards Isolation of Kernel Subsystems. Vikram Narayanan, Abhiram Balasubramanian, Charlie Jacobsen, Sarah Spall, Scotty Bauer, Michael Quigley, Aftab Hussain, Abdullah Younis, Junjie Shen, Moinak Bhattacharyya, Anton Burtsev https://www.usenix.org/conference/atc19/presentation/narayanan https://dblp.org/rec/conf/usenix/NarayananBJSBQH19 49 | 2000 ccs BernaschiGM00 Operating system enhancements to prevent the misuse of system calls. Massimo Bernaschi, Emanuele Gabrielli, Luigi V. Mancini 10.1145/352600.352624 https://doi.org/10.1145/352600.352624 https://dblp.org/rec/conf/ccs/BernaschiGM00 50 | 2007 ccs PetroniH07 Automated detection of persistent kernel control-flow attacks. Nick L. Petroni Jr., Michael W. Hicks 10.1145/1315245.1315260 https://doi.org/10.1145/1315245.1315260 https://dblp.org/rec/conf/ccs/PetroniH07 51 | 2009 ccs CarboneCLLPJ09 Mapping kernel objects to enable systematic integrity checking. Martim Carbone, Weidong Cui, Long Lu, Wenke Lee, Marcus Peinado, Xuxian Jiang 10.1145/1653662.1653729 https://doi.org/10.1145/1653662.1653729 https://dblp.org/rec/conf/ccs/CarboneCLLPJ09 52 | 2009 ccs Dolan-GavittSTG09 Robust signatures for kernel data structures. Brendan Dolan-Gavitt, Abhinav Srivastava, Patrick Traynor, Jonathon T. Giffin 10.1145/1653662.1653730 https://doi.org/10.1145/1653662.1653730 https://dblp.org/rec/conf/ccs/Dolan-GavittSTG09 53 | 2014 ccs KurmusZ14 A Tale of Two Kernels - Towards Ending Kernel Hardening Wars with Split Kernel. Anil Kurmus, Robby Zippel 10.1145/2660267.2660331 https://doi.org/10.1145/2660267.2660331 https://dblp.org/rec/conf/ccs/KurmusZ14 54 | 2016 ccs GrussMFLM16 Prefetch Side-Channel Attacks - Bypassing SMAP and Kernel ASLR. Daniel Gruss, Clémentine Maurice, Anders Fogh, Moritz Lipp, Stefan Mangard 10.1145/2976749.2978356 https://doi.org/10.1145/2976749.2978356 https://dblp.org/rec/conf/ccs/GrussMFLM16 55 | 2016 ccs JangLK16 Breaking Kernel Address Space Layout Randomization with Intel TSX. Yeongjin Jang, Sangho Lee 0001, Taesoo Kim 10.1145/2976749.2978321 https://doi.org/10.1145/2976749.2978321 https://dblp.org/rec/conf/ccs/JangLK16 56 | 2016 ccs LuSKL16 UniSan - Proactive Kernel Memory Initialization to Eliminate Data Leakages. Kangjie Lu, Chengyu Song, Taesoo Kim, Wenke Lee 10.1145/2976749.2978366 https://doi.org/10.1145/2976749.2978366 https://dblp.org/rec/conf/ccs/LuSKL16 57 | 2017 ccs SilvestroLCLL17 FreeGuard - A Faster Secure Heap Allocator. Sam Silvestro, Hongyu Liu, Corey Crosser, Zhiqiang Lin, Tongping Liu 10.1145/3133956.3133957 https://doi.org/10.1145/3133956.3133957 https://dblp.org/rec/conf/ccs/SilvestroLCLL17 58 | 2007 sosp KrohnYBCKKM07 Information flow control for standard OS abstractions. Maxwell N. Krohn, Alexander Yip, Micah Z. Brodsky, Natan Cliffer, M. Frans Kaashoek, Eddie Kohler, Robert Tappan Morris 10.1145/1294261.1294293 https://doi.org/10.1145/1294261.1294293 https://dblp.org/rec/conf/sosp/KrohnYBCKKM07 59 | 2006 eurosys BallBCLLMORU06 Thorough static analysis of device drivers. Thomas Ball, Ella Bounimova, Byron Cook, Vladimir Levin, Jakob Lichtenberg, Con McGarvey, Bohus Ondrusek, Sriram K. Rajamani, Abdullah Ustuner 10.1145/1217935.1217943 https://doi.org/10.1145/1217935.1217943 https://dblp.org/rec/conf/eurosys/BallBCLLMORU06 60 | 2007 eurosys HuntAFHHLLSTW07 Sealing OS processes to improve dependability and safety. Galen C. Hunt, Mark Aiken, Manuel Fähndrich, Chris Hawblitzel, Orion Hodson, James R. Larus, Steven Levi, Bjarne Steensgaard, David Tarditi, Ted Wobber 10.1145/1272996.1273032 https://doi.org/10.1145/1272996.1273032 https://dblp.org/rec/conf/eurosys/HuntAFHHLLSTW07 61 | 2008 eurosys EfstathopoulosK08 Manageable fine-grained information flow. Petros Efstathopoulos, Eddie Kohler 10.1145/1352592.1352624 https://doi.org/10.1145/1352592.1352624 https://dblp.org/rec/conf/eurosys/EfstathopoulosK08 62 | 2009 eurosys RileyJX09 Multi-aspect profiling of kernel rootkit behavior. Ryan Riley, Xuxian Jiang, Dongyan Xu 10.1145/1519065.1519072 https://doi.org/10.1145/1519065.1519072 https://dblp.org/rec/conf/eurosys/RileyJX09 63 | 2010 eurosys LiWJGB10 Defeating return-oriented rootkits with Return-Less kernels. Jinku Li, Zhi Wang 0004, Xuxian Jiang, Michael C. Grace, Sina Bahram 10.1145/1755913.1755934 https://doi.org/10.1145/1755913.1755934 https://dblp.org/rec/conf/eurosys/LiWJGB10 64 | 2013 eurosys VijayakumarSJ13 Process firewalls - protecting processes during resource access. Hayawardh Vijayakumar, Joshua Schiffman, Trent Jaeger 10.1145/2465351.2465358 https://doi.org/10.1145/2465351.2465358 https://dblp.org/rec/conf/eurosys/VijayakumarSJ13 65 | 2017 eurosys KouweNG17 DangSan - Scalable Use-after-free Detection. Erik van der Kouwe, Vinod Nigade, Cristiano Giuffrida 10.1145/3064176.3064211 https://doi.org/10.1145/3064176.3064211 https://dblp.org/rec/conf/eurosys/KouweNG17 66 | 2017 eurosys BoosVZ17 A Characterization of State Spill in Modern Operating Systems. Kevin Boos, Emilio Del Vecchio, Lin Zhong 0001 10.1145/3064176.3064205 https://doi.org/10.1145/3064176.3064205 https://dblp.org/rec/conf/eurosys/BoosVZ17 67 | 2017 eurosys PomonisPKPK17 kRX - Comprehensive Kernel Protection against Just-In-Time Code Reuse. Marios Pomonis, Theofilos Petsios, Angelos D. Keromytis, Michalis Polychronakis, Vasileios P. Kemerlis 10.1145/3064176.3064216 https://doi.org/10.1145/3064176.3064216 https://dblp.org/rec/conf/eurosys/PomonisPKPK17 68 | 2008 uss DaltonKK08 Real-World Buffer Overflow Protection for Userspace and Kernelspace. Michael Dalton, Hari Kannan, Christos Kozyrakis http://www.usenix.org/events/sec08/tech/full_papers/dalton/dalton.pdf https://dblp.org/rec/conf/uss/DaltonKK08 69 | 2009 uss HundHF09 Return-Oriented Rootkits - Bypassing Kernel Code Integrity Protection Mechanisms. Ralf Hund, Thorsten Holz, Felix C. Freiling http://www.usenix.org/events/sec09/tech/full_papers/hund.pdf https://dblp.org/rec/conf/uss/HundHF09 70 | 2012 uss GiuffridaKT12 Enhanced Operating System Security Through Efficient and Fine-grained Address Space Randomization. Cristiano Giuffrida, Anton Kuijsten, Andrew S. Tanenbaum https://www.usenix.org/conference/usenixsecurity12/technical-sessions/presentation/giuffrida https://dblp.org/rec/conf/uss/GiuffridaKT12 71 | 2004 uss JohnsonW04 Finding User/Kernel Pointer Bugs with Type Inference. Robert Johnson, David A. Wagner 0001 http://www.usenix.org/publications/library/proceedings/sec04/tech/johnson.html https://dblp.org/rec/conf/uss/JohnsonW04 72 | -------------------------------------------------------------------------------- /newpapers.txt: -------------------------------------------------------------------------------- 1 | # Kernel Software Security 2 | 3 | ## sp 4 | Usable Mandatory Integrity Protection for Operating Systems 5 | Lurking in the Shadows: Identifying Systemic Threats to Kernel Data 6 | Practical Proactive Integrity Preservation: A Basis for Malware Defense 7 | Verifying the Safety of User Pointer Dereferences 8 | Smashing the Gadgets: Hindering Return-Oriented Programming Using In-place Code Randomization 9 | SoK: Eternal War in Memory 10 | Practical Timing Side Channel Attacks against Kernel Space ASLR 11 | KCoFI: Complete Control-Flow Integrity for Commodity Operating System Kernels 12 | Dancing with Giants: Wimpy Kernels for On-Demand Isolated I/O 13 | NORAX: Enabling Execute-Only Memory for COTS Binaries on AArch64 14 | LBM: A Security Framework for Peripherals within the Linux Kernel 15 | SoK: Shining Light on Shadow Stacks 16 | SoK: Sanitizing for Security 17 | Precise and Scalable Detection of Double-Fetch Bugs in OS Kernels 18 | 19 | ## ndss 20 | User-Level Infrastructure for System Call Interposition: A Platform for Intrusion Detection and Confinement 21 | Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools. 22 | Model Checking One Million Lines of C Code. 23 | Ostia: A Delegating Architecture for Secure System Call Interposition. 24 | A Black-Box Tracing Technique to Identify Causes of Least-Privilege Incompatibilities 25 | K-Tracer: A System for Extracting Kernel Malware Behavior. 26 | Analyzing and Comparing the Protection Quality of Security Enhanced Operating Systems. 27 | IntScope: Automatically Detecting Integer Overflow Vulnerability in X86 Binary Using Symbolic Execution. 28 | Practical Protection of Kernel Integrity for Commodity OS from Untrusted Extensions. 29 | Efficient Monitoring of Untrusted Kernel-Mode Execution. 30 | SigGraph: Brute Force Scanning of Kernel Data Structure Instances Using Graph-based Signatures. 31 | Kruiser: Semi-synchronized Non-blocking Concurrent Kernel Heap Buffer Overflow Monitoring. 32 | Attack Surface Metrics and Automated Compile-Time OS Kernel Tailoring. 33 | ROPecker: A Generic and Practical Approach For Defending Against ROP Attacks. 34 | Preventing Use-after-free with Dangling Pointers Nullification. 35 | Enforcing Kernel Security Invariants with Data Flow Integrity 36 | PT-Rand: Practical Mitigation of Data-only Attacks against Page Tables. 37 | Unleashing Use-Before-Initialization Vulnerabilities in the Linux Kernel Using Targeted Stack Spraying. 38 | K-Miner: Uncovering Memory Corruption in Linux 39 | 40 | ## osdi 41 | Recovering Device Drivers 42 | XFI: Software Guards for System Address Spaces 43 | Improving Integer Security for Systems with KINT 44 | Jitk: A Trustworthy In-Kernel Interpreter Infrastructure 45 | Light-Weight Contexts: An OS Abstraction for Safety and Performance 46 | EbbRT: A Framework for Building Per-Application Library Operating Systems 47 | 48 | ## usenix 49 | Safety Checking of Kernel Extensions 50 | Trusted Path Execution for the Linux 2.6 Kernel as a Linux Security Module 51 | Linux Kernel Developer Responses to Static Analysis Bug Reports. 52 | Tolerating Malicious Device Drivers in Linux 53 | Static Analysis of Variability in System Software: The 90, 000 #ifdefs Issue. 54 | Lock-in-Pop: Securing Privileged Operating System Kernels by Keeping on the Beaten Path 55 | Effective Static Analysis of Concurrency Use-After-Free Bugs in Linux Device Drivers. 56 | LXDs: Towards Isolation of Kernel Subsystems. 57 | 58 | ## ccs 59 | Operating system enhancements to prevent the misuse of system calls. 60 | On the effectiveness of address-space randomization. 61 | Automated detection of persistent kernel control-flow attacks. 62 | Mapping kernel objects to enable systematic integrity checking. 63 | Robust signatures for kernel data structures. 64 | A Tale of Two Kernels: Towards Ending Kernel Hardening Wars with Split Kernel. 65 | Prefetch Side-Channel Attacks: Bypassing SMAP and Kernel ASLR. 66 | Breaking Kernel Address Space Layout Randomization with Intel TSX. 67 | FreeGuard: A Faster Secure Heap Allocator 68 | 69 | ## sosp 70 | Information flow control for standard OS abstractions. 71 | 72 | ## eurosys 73 | Thorough static analysis of device drivers 74 | Sealing OS processes to improve dependability and safety 75 | Manageable fine-grained information flow 76 | Multi-aspect profiling of kernel rootkit behavior 77 | Defeating return-oriented rootkits with "Return-Less" kernels. 78 | Process firewalls: protecting processes during resource access. 79 | DangSan: Scalable Use-after-free Detection. 80 | A Characterization of State Spill in Modern Operating Systems. 81 | kR^X: Comprehensive Kernel Protection against Just-In-Time Code Reuse. 82 | 83 | ## grsecurity 84 | 85 | #SELinux and grsecurity: A Case Study Comparing Linux Security Kernel Enhancements 86 | Real-World Buffer Overflow Protection for Userspace & Kernelspace 87 | Return-Oriented Rootkits:Bypassing Kernel Code Integrity Protection Mechanisms 88 | Securing The Kernel via Static Binary Rewriting and Program Shepherding 89 | A Robust Kernel-Based Solution to Control-Hijacking Buffer Overflow Attacks 90 | 91 | ## other 92 | 93 | #kBouncer: Efficient and Transparent ROP Mitigation 94 | #DROP THE ROP Fine-grained Control-flow integrity for the Linux Kernel (kCFI 95 | #PaX: The Guaranteed End of Arbitrary Code Execution 96 | UniSan: Proactive Kernel Memory Initialization to Eliminate Data Leakages 97 | PrivGuard: Protecting Sensitive Kernel Data From Privilege Escalation Attacks 98 | Enhanced operating system security through efficient and fine-grained address space randomization 99 | Enforcing kernel security invariants with data flow integrity 100 | Mapping kernel objects to enable systematic integrity checking 101 | Finding User/Kernel Pointer Bugs with Type Inference 102 | -------------------------------------------------------------------------------- /papers/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/akshithg/linux-security-papers/8f99103cae346e5390cdf3dfbb8bba4abc70ddf2/papers/__init__.py -------------------------------------------------------------------------------- /papers/__main__.py: -------------------------------------------------------------------------------- 1 | import argparse 2 | from .classmodule import Papers 3 | from .funcmodule import notability_export 4 | 5 | 6 | new_papers = './newpapers.txt' 7 | papers_csv = './data/papers.csv' 8 | readme = './readme.md' 9 | 10 | parser = argparse.ArgumentParser() 11 | parser.add_argument('-e', '--exists', 12 | help='check if a paper is already included') 13 | parser.add_argument('-l', '--list', action='store_true', 14 | help='list all papers') 15 | parser.add_argument('-r', '--readme', action='store_true', 16 | help='update the readme') 17 | parser.add_argument('-u', '--update', action='store_true', 18 | help='update list of papers') 19 | parser.add_argument('-y', action='store_true', 20 | help='doesnt ask for confirmation while updating') 21 | parser.add_argument('--notability', action='store_true', 22 | help='exports all pdfs for natability import') 23 | args = parser.parse_args() 24 | 25 | 26 | def main(): 27 | 28 | papers = Papers(papers_csv) 29 | 30 | if args.exists: 31 | print(papers.paper_exists(args.exists)) 32 | 33 | if args.list: 34 | papers.list_papers() 35 | 36 | if args.update: 37 | papers.update_papers(new_papers, args.y) 38 | 39 | if args.readme: 40 | papers.write_to_readme(readme) 41 | 42 | if args.notability: 43 | rename_pdf() 44 | 45 | if __name__ == '__main__': 46 | main() 47 | -------------------------------------------------------------------------------- /papers/classmodule.py: -------------------------------------------------------------------------------- 1 | import requests 2 | import pandas as pd 3 | from fuzzywuzzy import fuzz 4 | 5 | 6 | class Paper(): 7 | def __init__(self, info): 8 | try: 9 | if type(info['authors']) is dict: 10 | self.authors = ', '.join(info['authors']['author']) \ 11 | if type(info['authors']['author']) is list \ 12 | else info['authors']['author'] 13 | else: 14 | self.authors = info['authors'] 15 | 16 | self.doi = info.get('doi', '') 17 | self.title = info['title'] 18 | self.year = info['year'] 19 | if 'dblp' in info.keys(): 20 | self.dblp = info['dblp'] 21 | self.url = info['url'] 22 | else: 23 | self.dblp = info['url'] 24 | self.url = info['ee'] 25 | self.id = str(self.dblp).split('/')[-1] 26 | self.venue = str(self.dblp).split('/')[-2] 27 | except Exception as e: 28 | print(info) 29 | 30 | def __repr__(self): 31 | x = "\n title: {}\ 32 | \n authors: {}\ 33 | \n venue: {} {}\ 34 | \n doi: {}\ 35 | \n url: {}\ 36 | \n dblp: {}\n"\ 37 | .format( 38 | self.title, 39 | self.authors, 40 | self.year, 41 | self.venue, 42 | self.doi, 43 | self.url, 44 | self.dblp, 45 | ) 46 | return x 47 | 48 | 49 | class dblp(): 50 | """ 51 | q The query string to search for, as described on a separate page. ...?q=test+search 52 | format The result format of the search. Recognized values are "xml", "json", and "jsonp". xml ...?q=test&format=json 53 | h Maximum number of search results (hits) to return. For bandwidth reasons, this number is capped at 1000. 30 ...?q=test&h=100 54 | f The first hit in the numbered sequence of search results (starting with 0) to return. In combination with the h parameter, this parameter can be used for pagination of search results. 0 ...?q=test&h=100&f=300 55 | c Maximum number of completion terms (see below) to return. For bandwidth reasons, this number is capped at 1000. 10 ...?q=test&c=0 56 | """ 57 | 58 | def __init__(self): 59 | pass 60 | 61 | def dblpapi(self, type): 62 | DBLP_API = { 63 | 'publ': 'http://dblp.org/search/publ/api', 64 | 'author': 'http://dblp.org/search/author/api', 65 | 'venue': 'http://dblp.org/search/venue/api', 66 | } 67 | return DBLP_API[type] 68 | 69 | def make_params(self, params={}): 70 | params['q'] = params.get('q') 71 | params['format'] = 'json' 72 | params['h'] = params.get('h', 5) 73 | params['f'] = params.get('f', 0) 74 | params['c'] = params.get('c', 100) 75 | return params 76 | 77 | def search(self, type, params): 78 | response = requests.get( 79 | self.dblpapi(type), 80 | params=params 81 | ) 82 | try: 83 | assert response.ok 84 | except AssertionError as e: 85 | print(e) 86 | print("###\n{}\n{}\n".format(response.request.url, response.json())) 87 | 88 | hits = response.json()['result']['hits'] 89 | for hit in hits['hit']: 90 | if type == 'publ': 91 | yield Paper(hit['info']) 92 | else: 93 | yield None 94 | 95 | def get_publ(self, title): 96 | """ 97 | search publications: title 98 | """ 99 | params = self.make_params({ 100 | 'q': title, 101 | }) 102 | return self.search('publ', params) 103 | 104 | def get_author(self, name): 105 | """ 106 | search author: author name 107 | """ 108 | params = self.make_params({ 109 | 'q': name, 110 | }) 111 | return self.search('author', params) 112 | 113 | def get_venue(self, venue): 114 | """ 115 | search venue 116 | """ 117 | params = self.make_params({ 118 | 'q': venue, 119 | 'h': 50, 120 | }) 121 | return self.search('venue', params) 122 | 123 | 124 | class Papers(): 125 | def __init__(self, f): 126 | self._file = open(f, 'a+') 127 | self._papers = pd.read_csv(f, '\t') 128 | 129 | def papers(self): 130 | for index, row in self._papers.iterrows(): 131 | yield Paper(row.to_dict()) 132 | 133 | def list_papers(self): 134 | for paper in self.papers(): 135 | print(paper) 136 | 137 | def paper_exists(self, p): 138 | exist = False 139 | for paper in self.papers(): 140 | if fuzz.ratio(p, paper.title) > 80: 141 | exist = True 142 | print(paper) 143 | return exist 144 | 145 | def update_papers(self, np, yes): 146 | with open(np, 'r+') as new_papers: 147 | papers = new_papers.readlines() 148 | db = dblp() 149 | 150 | for i in papers: 151 | i = i.strip() 152 | if (i == '' or i[0] == '#'): 153 | continue 154 | 155 | print("\nChecking: {}".format(i)) 156 | if self.paper_exists(i): 157 | print("Already present") 158 | continue 159 | else: 160 | print("Searching...") 161 | search_results = db.get_publ(i) 162 | assert search_results is not None 163 | 164 | for result in search_results: 165 | print(result) 166 | if not yes: 167 | update = input('Add ? (y/n)') 168 | if 'y' not in update.lower(): 169 | continue 170 | 171 | # year venue id title authors doi url 172 | csv_row = '{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}' 173 | print(csv_row.format( 174 | result.year, 175 | result.id, 176 | result.venue, 177 | result.title, 178 | result.authors, 179 | result.doi, 180 | result.url, 181 | result.dblp, 182 | ), file=self._file) 183 | self._file.flush() 184 | break 185 | 186 | print('Saved') 187 | 188 | def write_to_readme(self, readme): 189 | self._papers.sort_values( 190 | ['year', 'venue'], 191 | ascending=[True, True], 192 | inplace=True 193 | ) 194 | 195 | readme_header = """ 196 | # Linux Security Papers 197 | 198 | NOTE: Do **NOT** edit this file manually. 199 | 200 | 201 | ## List of papers 202 | """ 203 | 204 | readme_table = """ 205 | # | year | venue | title | authors | links 206 | ------|-----|-------|-------|---------|------""" 207 | 208 | table_row = '{} | {} | {} | {} | {} | [paper]({}) [{}]({})' 209 | 210 | with open(readme, 'w') as r: 211 | i = 1 212 | print(readme_header, file=r) 213 | print(readme_table, file=r) 214 | for p in self.papers(): 215 | print(table_row.format( 216 | i, 217 | p.year, 218 | p.venue, 219 | p.title, 220 | p.authors, 221 | p.url, 222 | p.id, 223 | p.dblp, 224 | ), file=r) 225 | 226 | i += 1 227 | -------------------------------------------------------------------------------- /papers/funcmodule.py: -------------------------------------------------------------------------------- 1 | import os 2 | import glob 3 | from .classmodule import Papers 4 | 5 | 6 | def notability_export(): 7 | path = './pdfs/*/*.pdf' 8 | pdfs = glob.glob(path) 9 | cmd = 'cp -f {} "{}"' 10 | papers = Papers('./data/papers.csv')._papers 11 | destination = "./notability/{}.pdf" 12 | 13 | for i in pdfs: 14 | dblp_id = i.split('/')[-1].split('.')[0] 15 | paper = papers.loc[papers['id'] == dblp_id].iloc[0] 16 | conf = i.split('/')[2] 17 | 18 | filename = paper['title']\ 19 | .replace('/', '_')\ 20 | .replace(' ', '_')\ 21 | .replace('-', '_')\ 22 | .replace('.', '') 23 | 24 | filename = '_'.join([ 25 | str(paper['year']), 26 | conf, 27 | filename 28 | ]) 29 | 30 | dst = destination.format(filename) 31 | os.system(cmd.format(i, dst)) 32 | # print(cmd.format(i, dst)) 33 | -------------------------------------------------------------------------------- /readme.md: -------------------------------------------------------------------------------- 1 | 2 | # Linux Security Papers 3 | 4 | NOTE: Do **NOT** edit this file manually. 5 | 6 | 7 | ## List of papers 8 | 9 | 10 | # | year | venue | title | authors | links 11 | ------|-----|-------|-------|---------|------ 12 | 1 | 2000 | ccs | Operating system enhancements to prevent the misuse of system calls. | Massimo Bernaschi, Emanuele Gabrielli, Luigi V. Mancini | [paper](https://doi.org/10.1145/352600.352624) [BernaschiGM00](https://dblp.org/rec/conf/ccs/BernaschiGM00) 13 | 2 | 2000 | ndss | User-Level Infrastructure for System Call Interposition - A Platform for Intrusion Detection and Confinement. | K. Jain, R. Sekar | [paper](https://www.ndss-symposium.org/ndss2000/user-level-infrastructure-system-call-interposition-platform-intrusion-detection-and-confinement/) [JainS00](https://dblp.org/rec/conf/ndss/JainS00) 14 | 3 | 2000 | usenix | Safety Checking of Kernel Extensions. | Craig Metz | [paper](http://www.usenix.org/publications/library/proceedings/usenix2000/freenix/metzsafety.html) [Metz00a](https://dblp.org/rec/conf/usenix/Metz00a) 15 | 4 | 2003 | ndss | Traps and Pitfalls - Practical Problems in System Call Interposition Based Security Tools. | Tal, Garfinkel | [paper](https://www.ndss-symposium.org/ndss2003/traps-and-pitfalls-practical-problems-system-call-interposition-based-security-tools/) [Garfinkel03](https://dblp.org/rec/conf/ndss/Garfinkel03) 16 | 5 | 2004 | ndss | Model Checking One Million Lines of C Code. | Hao Chen 0003, Drew Dean, David A. Wagner 0001 | [paper](https://www.ndss-symposium.org/ndss2004/model-checking-one-million-lines-c-code/) [ChenDW04](https://dblp.org/rec/conf/ndss/ChenDW04) 17 | 6 | 2004 | ndss | Ostia - A Delegating Architecture for Secure System Call Interposition. | Tal Garfinkel, Ben Pfaff, Mendel Rosenblum | [paper](https://www.ndss-symposium.org/ndss2004/ostia-delegating-architecture-secure-system-call-interposition/) [GarfinkelPR04](https://dblp.org/rec/conf/ndss/GarfinkelPR04) 18 | 7 | 2004 | osdi | Recovering Device Drivers (Awarded Best Paper!). | Michael M. Swift, Muthukaruppan Annamalai, Brian N. Bershad, Henry M. Levy | [paper](http://www.usenix.org/events/osdi04/tech/swift.html) [SwiftABL04](https://dblp.org/rec/conf/osdi/SwiftABL04) 19 | 8 | 2004 | usenix | Trusted Path Execution for the Linux 2.6 Kernel as a Linux Security Module. | Niki A. Rahimi | [paper](http://www.usenix.org/publications/library/proceedings/usenix04/tech/freenix/rahimi.html) [Rahimi04](https://dblp.org/rec/conf/usenix/Rahimi04) 20 | 9 | 2004 | uss | Finding User/Kernel Pointer Bugs with Type Inference. | Robert Johnson, David A. Wagner 0001 | [paper](http://www.usenix.org/publications/library/proceedings/sec04/tech/johnson.html) [JohnsonW04](https://dblp.org/rec/conf/uss/JohnsonW04) 21 | 10 | 2005 | ndss | A Black-Box Tracing Technique to Identify Causes of Least-Privilege Incompatibilities. | Shuo Chen, John Dunagan, Chad Verbowski, Yi-Min Wang | [paper](https://www.ndss-symposium.org/ndss2005/black-box-tracing-technique-identify-causes-least-privilege-incompatibilities/) [ChenDVW05](https://dblp.org/rec/conf/ndss/ChenDVW05) 22 | 11 | 2006 | eurosys | Thorough static analysis of device drivers. | Thomas Ball, Ella Bounimova, Byron Cook, Vladimir Levin, Jakob Lichtenberg, Con McGarvey, Bohus Ondrusek, Sriram K. Rajamani, Abdullah Ustuner | [paper](https://doi.org/10.1145/1217935.1217943) [BallBCLLMORU06](https://dblp.org/rec/conf/eurosys/BallBCLLMORU06) 23 | 12 | 2006 | osdi | XFI - Software Guards for System Address Spaces. | Úlfar Erlingsson, Martín Abadi, Michael Vrable, Mihai Budiu, George C. Necula | [paper](http://www.usenix.org/events/osdi06/tech/erlingsson.html) [ErlingssonAVBN06](https://dblp.org/rec/conf/osdi/ErlingssonAVBN06) 24 | 13 | 2007 | ccs | Automated detection of persistent kernel control-flow attacks. | Nick L. Petroni Jr., Michael W. Hicks | [paper](https://doi.org/10.1145/1315245.1315260) [PetroniH07](https://dblp.org/rec/conf/ccs/PetroniH07) 25 | 14 | 2007 | eurosys | Sealing OS processes to improve dependability and safety. | Galen C. Hunt, Mark Aiken, Manuel Fähndrich, Chris Hawblitzel, Orion Hodson, James R. Larus, Steven Levi, Bjarne Steensgaard, David Tarditi, Ted Wobber | [paper](https://doi.org/10.1145/1272996.1273032) [HuntAFHHLLSTW07](https://dblp.org/rec/conf/eurosys/HuntAFHHLLSTW07) 26 | 15 | 2007 | sosp | Information flow control for standard OS abstractions. | Maxwell N. Krohn, Alexander Yip, Micah Z. Brodsky, Natan Cliffer, M. Frans Kaashoek, Eddie Kohler, Robert Tappan Morris | [paper](https://doi.org/10.1145/1294261.1294293) [KrohnYBCKKM07](https://dblp.org/rec/conf/sosp/KrohnYBCKKM07) 27 | 16 | 2007 | sp | Usable Mandatory Integrity Protection for Operating Systems. | Ninghui Li, Ziqing Mao, Hong Chen | [paper](https://doi.org/10.1109/SP.2007.37) [LiMC07](https://dblp.org/rec/conf/sp/LiMC07) 28 | 17 | 2007 | sp | Lurking in the Shadows - Identifying Systemic Threats to Kernel Data. | Arati Baliga, Pandurang Kamat, Liviu Iftode | [paper](https://doi.org/10.1109/SP.2007.25) [BaligaKI07](https://dblp.org/rec/conf/sp/BaligaKI07) 29 | 18 | 2008 | eurosys | Manageable fine-grained information flow. | Petros Efstathopoulos, Eddie Kohler | [paper](https://doi.org/10.1145/1352592.1352624) [EfstathopoulosK08](https://dblp.org/rec/conf/eurosys/EfstathopoulosK08) 30 | 19 | 2008 | sp | Practical Proactive Integrity Preservation - A Basis for Malware Defense. | Weiqing Sun, R. Sekar, Gaurav Poothia, Tejas Karandikar | [paper](https://doi.org/10.1109/SP.2008.35) [SunSPK08](https://dblp.org/rec/conf/sp/SunSPK08) 31 | 20 | 2008 | sp | Verifying the Safety of User Pointer Dereferences. | Suhabe Bugrara, Alex Aiken | [paper](https://doi.org/10.1109/SP.2008.15) [BugraraA08](https://dblp.org/rec/conf/sp/BugraraA08) 32 | 21 | 2008 | uss | Real-World Buffer Overflow Protection for Userspace and Kernelspace. | Michael Dalton, Hari Kannan, Christos Kozyrakis | [paper](http://www.usenix.org/events/sec08/tech/full_papers/dalton/dalton.pdf) [DaltonKK08](https://dblp.org/rec/conf/uss/DaltonKK08) 33 | 22 | 2009 | ccs | Mapping kernel objects to enable systematic integrity checking. | Martim Carbone, Weidong Cui, Long Lu, Wenke Lee, Marcus Peinado, Xuxian Jiang | [paper](https://doi.org/10.1145/1653662.1653729) [CarboneCLLPJ09](https://dblp.org/rec/conf/ccs/CarboneCLLPJ09) 34 | 23 | 2009 | ccs | Robust signatures for kernel data structures. | Brendan Dolan-Gavitt, Abhinav Srivastava, Patrick Traynor, Jonathon T. Giffin | [paper](https://doi.org/10.1145/1653662.1653730) [Dolan-GavittSTG09](https://dblp.org/rec/conf/ccs/Dolan-GavittSTG09) 35 | 24 | 2009 | eurosys | Multi-aspect profiling of kernel rootkit behavior. | Ryan Riley, Xuxian Jiang, Dongyan Xu | [paper](https://doi.org/10.1145/1519065.1519072) [RileyJX09](https://dblp.org/rec/conf/eurosys/RileyJX09) 36 | 25 | 2009 | ndss | K-Tracer - A System for Extracting Kernel Malware Behavior. | Andrea Lanzi, Monirul I. Sharif, Wenke Lee | [paper](https://www.ndss-symposium.org/ndss2009/k-tracer-system-extracting-kernel-malware-behavior/) [LanziSL09](https://dblp.org/rec/conf/ndss/LanziSL09) 37 | 26 | 2009 | ndss | Analyzing and Comparing the Protection Quality of Security Enhanced Operating Systems. | Hong Chen, Ninghui Li, Ziqing Mao | [paper](https://www.ndss-symposium.org/ndss2009/analyzing-and-comparing-the-protection-quality-of-security-enhanced-operating-systems/) [ChenLM09](https://dblp.org/rec/conf/ndss/ChenLM09) 38 | 27 | 2009 | ndss | IntScope - Automatically Detecting Integer Overflow Vulnerability in X86 Binary Using Symbolic Execution. | Tielei Wang, Tao Wei, Zhiqiang Lin, Wei Zou | [paper](https://www.ndss-symposium.org/ndss2009/intscope-automatically-detecting-integer-overflow-vulnerability-in-x86-binary-using-symbolic-execution/) [WangWLZ09](https://dblp.org/rec/conf/ndss/WangWLZ09) 39 | 28 | 2009 | usenix | Linux Kernel Developer Responses to Static Analysis Bug Reports. | Philip J. Guo, Dawson R. Engler | [paper](https://www.usenix.org/conference/usenix-09/linux-kernel-developer-responses-static-analysis-bug-reports) [GuoE09](https://dblp.org/rec/conf/usenix/GuoE09) 40 | 29 | 2009 | uss | Return-Oriented Rootkits - Bypassing Kernel Code Integrity Protection Mechanisms. | Ralf Hund, Thorsten Holz, Felix C. Freiling | [paper](http://www.usenix.org/events/sec09/tech/full_papers/hund.pdf) [HundHF09](https://dblp.org/rec/conf/uss/HundHF09) 41 | 30 | 2010 | eurosys | Defeating return-oriented rootkits with Return-Less kernels. | Jinku Li, Zhi Wang 0004, Xuxian Jiang, Michael C. Grace, Sina Bahram | [paper](https://doi.org/10.1145/1755913.1755934) [LiWJGB10](https://dblp.org/rec/conf/eurosys/LiWJGB10) 42 | 31 | 2010 | usenix | Tolerating Malicious Device Drivers in Linux. | Silas Boyd-Wickizer, Nickolai Zeldovich | [paper](https://www.usenix.org/conference/usenix-atc-10/tolerating-malicious-device-drivers-linux) [Boyd-WickizerZ10](https://dblp.org/rec/conf/usenix/Boyd-WickizerZ10) 43 | 32 | 2011 | ndss | Practical Protection of Kernel Integrity for Commodity OS from Untrusted Extensions. | Xi Xiong, Donghai Tian, Peng Liu 0005 | [paper](https://www.ndss-symposium.org/ndss2011/practical-protection-of-kernel-integrity-for-commodity-os-from-untrusted-extensions) [XiongTL11](https://dblp.org/rec/conf/ndss/XiongTL11) 44 | 33 | 2011 | ndss | Efficient Monitoring of Untrusted Kernel-Mode Execution. | Abhinav Srivastava, Jonathon T. Giffin | [paper](https://www.ndss-symposium.org/ndss2011/efficient-monitoring-untrusted-kernel-mode-execution) [SrivastavaG11](https://dblp.org/rec/conf/ndss/SrivastavaG11) 45 | 34 | 2011 | ndss | SigGraph - Brute Force Scanning of Kernel Data Structure Instances Using Graph-based Signatures. | Zhiqiang Lin, Junghwan Rhee, Xiangyu Zhang 0001, Dongyan Xu, Xuxian Jiang | [paper](https://www.ndss-symposium.org/ndss2011/siggraph-brute-force-scanning-of-kernel-data-structure-instances-using-graph-based-signatures) [LinRZXJ11](https://dblp.org/rec/conf/ndss/LinRZXJ11) 46 | 35 | 2012 | ndss | Kruiser - Semi-synchronized Non-blocking Concurrent Kernel Heap Buffer Overflow Monitoring. | Donghai Tian, Qiang Zeng 0001, Dinghao Wu, Peng Liu 0005, Changzhen Hu | [paper](https://www.ndss-symposium.org/ndss2012/kruiser-semi-synchronized-non-blocking-concurrent-kernel-heap-buffer-overflow-monitoring) [TianZW0H12](https://dblp.org/rec/conf/ndss/TianZW0H12) 47 | 36 | 2012 | osdi | Improving Integer Security for Systems with KINT. | Xi Wang 0005, Haogang Chen 0001, Zhihao Jia, Nickolai Zeldovich, M. Frans Kaashoek | [paper](https://www.usenix.org/conference/osdi12/technical-sessions/presentation/wang) [WangCJZK12](https://dblp.org/rec/conf/osdi/WangCJZK12) 48 | 37 | 2012 | sp | Smashing the Gadgets - Hindering Return-Oriented Programming Using In-place Code Randomization. | Vasilis Pappas, Michalis Polychronakis, Angelos D. Keromytis | [paper](https://doi.org/10.1109/SP.2012.41) [PappasPK12](https://dblp.org/rec/conf/sp/PappasPK12) 49 | 38 | 2012 | uss | Enhanced Operating System Security Through Efficient and Fine-grained Address Space Randomization. | Cristiano Giuffrida, Anton Kuijsten, Andrew S. Tanenbaum | [paper](https://www.usenix.org/conference/usenixsecurity12/technical-sessions/presentation/giuffrida) [GiuffridaKT12](https://dblp.org/rec/conf/uss/GiuffridaKT12) 50 | 39 | 2013 | eurosys | Process firewalls - protecting processes during resource access. | Hayawardh Vijayakumar, Joshua Schiffman, Trent Jaeger | [paper](https://doi.org/10.1145/2465351.2465358) [VijayakumarSJ13](https://dblp.org/rec/conf/eurosys/VijayakumarSJ13) 51 | 40 | 2013 | ndss | Attack Surface Metrics and Automated Compile-Time OS Kernel Tailoring. | Anil Kurmus, Reinhard Tartler, Daniela Dorneanu, Bernhard Heinloth, Valentin Rothberg, Andreas Ruprecht, Wolfgang Schröder-Preikschat, Daniel Lohmann, Rüdiger Kapitza | [paper](https://www.ndss-symposium.org/ndss2013/attack-surface-metrics-and-automated-compile-time-os-kernel-tailoring) [KurmusTDHRRSLK13](https://dblp.org/rec/conf/ndss/KurmusTDHRRSLK13) 52 | 41 | 2013 | sp | SoK - Eternal War in Memory. | Laszlo Szekeres, Mathias Payer, Tao Wei, Dawn Song | [paper](https://doi.org/10.1109/SP.2013.13) [SzekeresPWS13](https://dblp.org/rec/conf/sp/SzekeresPWS13) 53 | 42 | 2013 | sp | Just-In-Time Code Reuse - On the Effectiveness of Fine-Grained Address Space Layout Randomization. | Kevin Z. Snow, Fabian Monrose, Lucas Davi, Alexandra Dmitrienko, Christopher Liebchen, Ahmad-Reza Sadeghi | [paper](https://doi.org/10.1109/SP.2013.45) [SnowMDDLS13](https://dblp.org/rec/conf/sp/SnowMDDLS13) 54 | 43 | 2014 | ccs | A Tale of Two Kernels - Towards Ending Kernel Hardening Wars with Split Kernel. | Anil Kurmus, Robby Zippel | [paper](https://doi.org/10.1145/2660267.2660331) [KurmusZ14](https://dblp.org/rec/conf/ccs/KurmusZ14) 55 | 44 | 2014 | ndss | ROPecker - A Generic and Practical Approach For Defending Against ROP Attacks. | Yueqiang Cheng, Zongwei Zhou, Miao Yu, Xuhua Ding, Robert H. Deng | [paper](https://www.ndss-symposium.org/ndss2014/ropecker-generic-and-practical-approach-defending-against-rop-attacks) [ChengZYDD14](https://dblp.org/rec/conf/ndss/ChengZYDD14) 56 | 45 | 2014 | osdi | Jitk - A Trustworthy In-Kernel Interpreter Infrastructure. | Xi Wang 0005, David Lazar, Nickolai Zeldovich, Adam Chlipala, Zachary Tatlock | [paper](https://www.usenix.org/conference/osdi14/technical-sessions/presentation/wang_xi) [WangLZCT14](https://dblp.org/rec/conf/osdi/WangLZCT14) 57 | 46 | 2014 | sp | KCoFI - Complete Control-Flow Integrity for Commodity Operating System Kernels. | John Criswell, Nathan Dautenhahn, Vikram S. Adve | [paper](https://doi.org/10.1109/SP.2014.26) [CriswellDA14](https://dblp.org/rec/conf/sp/CriswellDA14) 58 | 47 | 2014 | sp | Dancing with Giants - Wimpy Kernels for On-Demand Isolated I/O. | Zongwei Zhou, Miao Yu, Virgil D. Gligor | [paper](https://doi.org/10.1109/SP.2014.27) [ZhouYG14](https://dblp.org/rec/conf/sp/ZhouYG14) 59 | 48 | 2014 | usenix | Static Analysis of Variability in System Software - The 90, 000 #ifdefs Issue. | Reinhard Tartler, Christian Dietrich 0001, Julio Sincero, Wolfgang Schröder-Preikschat, Daniel Lohmann | [paper](https://www.usenix.org/conference/atc14/technical-sessions/presentation/tartler) [TartlerDSSL14](https://dblp.org/rec/conf/usenix/TartlerDSSL14) 60 | 49 | 2015 | ndss | Preventing Use-after-free with Dangling Pointers Nullification. | Byoungyoung Lee, Chengyu Song, Yeongjin Jang, Tielei Wang, Taesoo Kim, Long Lu, Wenke Lee | [paper](https://www.ndss-symposium.org/ndss2015/preventing-use-after-free-dangling-pointers-nullification) [LeeSJWKLL15](https://dblp.org/rec/conf/ndss/LeeSJWKLL15) 61 | 50 | 2016 | ccs | Prefetch Side-Channel Attacks - Bypassing SMAP and Kernel ASLR. | Daniel Gruss, Clémentine Maurice, Anders Fogh, Moritz Lipp, Stefan Mangard | [paper](https://doi.org/10.1145/2976749.2978356) [GrussMFLM16](https://dblp.org/rec/conf/ccs/GrussMFLM16) 62 | 51 | 2016 | ccs | Breaking Kernel Address Space Layout Randomization with Intel TSX. | Yeongjin Jang, Sangho Lee 0001, Taesoo Kim | [paper](https://doi.org/10.1145/2976749.2978321) [JangLK16](https://dblp.org/rec/conf/ccs/JangLK16) 63 | 52 | 2016 | ccs | UniSan - Proactive Kernel Memory Initialization to Eliminate Data Leakages. | Kangjie Lu, Chengyu Song, Taesoo Kim, Wenke Lee | [paper](https://doi.org/10.1145/2976749.2978366) [LuSKL16](https://dblp.org/rec/conf/ccs/LuSKL16) 64 | 53 | 2016 | ndss | Enforcing Kernel Security Invariants with Data Flow Integrity. | Chengyu Song, Byoungyoung Lee, Kangjie Lu, William Harris, Taesoo Kim, Wenke Lee | [paper](http://wp.internetsociety.org/ndss/wp-content/uploads/sites/25/2017/09/enforcing-kernal-security-invariants-data-flow-integrity.pdf) [SongLLHKL16](https://dblp.org/rec/conf/ndss/SongLLHKL16) 65 | 54 | 2016 | osdi | Light-Weight Contexts - An OS Abstraction for Safety and Performance. | James Litton, Anjo Vahldiek-Oberwagner, Eslam Elnikety, Deepak Garg 0001, Bobby Bhattacharjee, Peter Druschel | [paper](https://www.usenix.org/conference/osdi16/technical-sessions/presentation/litton) [LittonVE0BD16](https://dblp.org/rec/conf/osdi/LittonVE0BD16) 66 | 55 | 2016 | osdi | EbbRT - A Framework for Building Per-Application Library Operating Systems. | Dan Schatzberg, James Cadden, Han Dong, Orran Krieger, Jonathan Appavoo | [paper](https://www.usenix.org/conference/osdi16/technical-sessions/presentation/schatzberg) [SchatzbergCDKA16](https://dblp.org/rec/conf/osdi/SchatzbergCDKA16) 67 | 56 | 2017 | ccs | FreeGuard - A Faster Secure Heap Allocator. | Sam Silvestro, Hongyu Liu, Corey Crosser, Zhiqiang Lin, Tongping Liu | [paper](https://doi.org/10.1145/3133956.3133957) [SilvestroLCLL17](https://dblp.org/rec/conf/ccs/SilvestroLCLL17) 68 | 57 | 2017 | eurosys | DangSan - Scalable Use-after-free Detection. | Erik van der Kouwe, Vinod Nigade, Cristiano Giuffrida | [paper](https://doi.org/10.1145/3064176.3064211) [KouweNG17](https://dblp.org/rec/conf/eurosys/KouweNG17) 69 | 58 | 2017 | eurosys | A Characterization of State Spill in Modern Operating Systems. | Kevin Boos, Emilio Del Vecchio, Lin Zhong 0001 | [paper](https://doi.org/10.1145/3064176.3064205) [BoosVZ17](https://dblp.org/rec/conf/eurosys/BoosVZ17) 70 | 59 | 2017 | eurosys | kRX - Comprehensive Kernel Protection against Just-In-Time Code Reuse. | Marios Pomonis, Theofilos Petsios, Angelos D. Keromytis, Michalis Polychronakis, Vasileios P. Kemerlis | [paper](https://doi.org/10.1145/3064176.3064216) [PomonisPKPK17](https://dblp.org/rec/conf/eurosys/PomonisPKPK17) 71 | 60 | 2017 | ndss | PT-Rand - Practical Mitigation of Data-only Attacks against Page Tables. | Lucas Davi, David Gens, Christopher Liebchen, Ahmad-Reza Sadeghi | [paper](https://www.ndss-symposium.org/ndss2017/ndss-2017-programme/pt-rand-practical-mitigation-data-only-attacks-against-page-tables/) [DaviGLS17](https://dblp.org/rec/conf/ndss/DaviGLS17) 72 | 61 | 2017 | ndss | Unleashing Use-Before-Initialization Vulnerabilities in the Linux Kernel Using Targeted Stack Spraying. | Kangjie Lu, Marie-Therese Walter, David Pfaff, Stefan Nümberger, Wenke Lee, Michael Backes 0001 | [paper](https://www.ndss-symposium.org/ndss2017/ndss-2017-programme/unleashing-use-initialization-vulnerabilities-linux-kernel-using-targeted-stack-spraying/) [LuWPNL017](https://dblp.org/rec/conf/ndss/LuWPNL017) 73 | 62 | 2017 | sp | NORAX - Enabling Execute-Only Memory for COTS Binaries on AArch64. | Yaohui Chen, Dongli Zhang, Ruowen Wang, Rui Qiao, Ahmed M. Azab, Long Lu, Hayawardh Vijayakumar, Wenbo Shen | [paper](https://doi.org/10.1109/SP.2017.30) [ChenZWQALVS17](https://dblp.org/rec/conf/sp/ChenZWQALVS17) 74 | 63 | 2017 | usenix | Lock-in-Pop - Securing Privileged Operating System Kernels by Keeping on the Beaten Path. | Yiwen Li, Brendan Dolan-Gavitt, Sam Weber, Justin Cappos | [paper](https://www.usenix.org/conference/atc17/technical-sessions/presentation/li-yiwen) [LiDWC17](https://dblp.org/rec/conf/usenix/LiDWC17) 75 | 64 | 2018 | ndss | K-Miner - Uncovering Memory Corruption in Linux. | David Gens, Simon Schmitt, Lucas Davi, Ahmad-Reza Sadeghi | [paper](http://wp.internetsociety.org/ndss/wp-content/uploads/sites/25/2018/02/ndss2018_05A-1_Gens_paper.pdf) [GensSDS18](https://dblp.org/rec/conf/ndss/GensSDS18) 76 | 65 | 2018 | sp | Precise and Scalable Detection of Double-Fetch Bugs in OS Kernels. | Meng Xu, Chenxiong Qian, Kangjie Lu, Michael Backes 0001, Taesoo Kim | [paper](https://doi.org/10.1109/SP.2018.00017) [XuQL0K18](https://dblp.org/rec/conf/sp/XuQL0K18) 77 | 66 | 2019 | sp | LBM - A Security Framework for Peripherals within the Linux Kernel. | Dave Jing Tian, Grant Hernandez, Joseph I. Choi, Vanessa Frost, Peter C. Johnson 0001, Kevin R. B. Butler | [paper](https://doi.org/10.1109/SP.2019.00041) [TianHCFJB19](https://dblp.org/rec/conf/sp/TianHCFJB19) 78 | 67 | 2019 | sp | SoK - Shining Light on Shadow Stacks. | Nathan Burow, Xinping Zhang, Mathias Payer | [paper](https://doi.org/10.1109/SP.2019.00076) [BurowZP19](https://dblp.org/rec/conf/sp/BurowZP19) 79 | 68 | 2019 | sp | SoK - Sanitizing for Security. | Dokyung Song, Julian Lettner, Prabhu Rajasekaran, Yeoul Na, Stijn Volckaert, Per Larsen, Michael Franz | [paper](https://doi.org/10.1109/SP.2019.00010) [SongLRNVLF19](https://dblp.org/rec/conf/sp/SongLRNVLF19) 80 | 69 | 2019 | usenix | Effective Static Analysis of Concurrency Use-After-Free Bugs in Linux Device Drivers. | Jia-Ju Bai, Julia Lawall, Qiu-Liang Chen, Shi-Min Hu 0001 | [paper](https://www.usenix.org/conference/atc19/presentation/bai) [BaiLCH19](https://dblp.org/rec/conf/usenix/BaiLCH19) 81 | 70 | 2019 | usenix | LXDs - Towards Isolation of Kernel Subsystems. | Vikram Narayanan, Abhiram Balasubramanian, Charlie Jacobsen, Sarah Spall, Scotty Bauer, Michael Quigley, Aftab Hussain, Abdullah Younis, Junjie Shen, Moinak Bhattacharyya, Anton Burtsev | [paper](https://www.usenix.org/conference/atc19/presentation/narayanan) [NarayananBJSBQH19](https://dblp.org/rec/conf/usenix/NarayananBJSBQH19) 82 | -------------------------------------------------------------------------------- /setup.py: -------------------------------------------------------------------------------- 1 | from setuptools import setup 2 | setup( 3 | name='papers', 4 | version='0.1.0', 5 | packages=['papers'], 6 | entry_points={ 7 | 'console_scripts': [ 8 | 'papers = papers.__main__:main' 9 | ] 10 | }) 11 | --------------------------------------------------------------------------------