Advanced Persistent Threats (APTs) are difficult to detect due to their" low-and-slow" attack
patterns and frequent use of zero-day exploits. We present UNICORN, an anomaly-based …

Smartphones are steadily gaining popularity, creating new application areas as their
capabilities increase in terms of computational power, sensors and communication …

In recent years, researchers have proposed systems for running trusted code on an
untrusted operating system. Protection mechanisms deployed by such systems keep a …

Efficient and secure in-process isolation is in great demand, as evidenced in the shift
towards JavaScript and the recent revival of memory protection keys. Yet, state-of-the-art …

Dune is a system that provides applications with direct but safe access to hardware features
such as ring protection, page tables, and tagged TLBs, while preserving the existing OS …

We describe a new, general approach for safeguarding systems against any type of code-
injection attack. We apply Kerckhoff's principle, by creating process-specific randomized …

We present a practical protection mechanism against SQL injection attacks. Such attacks
target databases that are accessible through a web front-end, and take advantage of flaws in …

Copilot is a coprocessor-based kernel integrity monitor for commodity systems. Copilot is
designed to detect malicious modifications to a host's kernel and has correctly detected the …

Effective syscall filtering is a key component for withstanding the numerous exploitation
techniques and privilege escalation attacks we face today. For example, modern browsers …

We introduce a system that eliminates the need to run programs in privileged process
contexts. Using our system, programs run unprivileged but may execute certain operations …