Secure Systems Lab -- Publications

Publications in OS and Virtualization Techniques

[1] Sealing the Window: Efficient Tamper Protection for Provenance Logs: Sagar Mishra and R. Sekar
IEEE Symposium on Security and Privacy (IEEE S&P) May, 2026.
(With minor revisions to the conference version. Software release).
[2] Minding the Gap: Bridging Causal Disconnects in System Provenance: Hanke Kimm, Sagar Mishra and R. Sekar
Workshop on Attack Provenance, Reasoning, and Investigation for Security in the Monitored Environment (PRISM) February, 2026.
Palo Alto Networks Best Paper Award (Software release).
[3] Incorporating Gradients to Rules: Towards Lightweight, Adaptive Provenance-based Intrusion Detection: Lingzhi Wang, XiangminShen, Weijian Li, Zhenyuan Li, R. Sekar, Han Liu and Yan Chen
ISOC Network and Distributed Systems Symposium (NDSS) February, 2025.
[4] eAudit: A Fast, Scalable and Deployable Audit Data Collection System: R. Sekar, Hanke Kimm and Rohit Aich
IEEE Symposium on Security and Privacy (IEEE S&P) May, 2024. (Software release).
[5] A New Tag-Based Approach for Real-Time Detection of Advanced Cyber Attacks: Md Nahid Hossain
PhD Dissertation (Stony Brook University) January, 2022.
[6] Efficient Audit Data Collection for Linux: Rohit Aich
Master's Thesis (Stony Brook University) August, 2021.
[7] Securing Web Applications: Riccardo Pelizzi
PhD Dissertation (Stony Brook University) May, 2016.
[8] Hardening OpenStack Cloud Platforms against Compute Node Compromises: Wai-Kit Sze, Abhinav Srivastava and R. Sekar
ACM Symposium on Information, Computer and Communications Security (ASIACCS) May, 2016.
[9] Enhancing Multi-user OS with Network Provenance for Systematic Malware Defense: Wai-Kit Sze
PhD Dissertation (Stony Brook University) May, 2016.
[10] JaTE: Transparent and Efficient JavaScript Confinement: Tung Tran, Riccardo Pelizzi and R. Sekar
Annual Computer Security Applications Conference (ACSAC) December, 2015.
[11] Provenance-based Integrity Protection for Windows: Wai-Kit Sze and R. Sekar
Annual Computer Security Applications Conference (ACSAC) December, 2015.
[12] Harbormaster: Policy Enforcement for Containers: Mingwei Zhang, Daniel Marino and Petros Efstathopoulos
IEEE CloudCom (CloudCom) November, 2015.
[13] Towards More Usable Information Flow Policies for Contemporary Operating Systems: Wai-Kit Sze, Bhuvan Mital and R. Sekar
ACM Symposium on Access Control Models and Technologies (SACMAT) June, 2014.
Honorable mention for Best paper.
[14] Comprehensive Integrity Protection for Desktop Linux (Demo): Wai-Kit Sze and R. Sekar
ACM Symposium on Access Control Models and Technologies (SACMAT) June, 2014.
[15] A Platform for Secure Static Binary Instrumentation: Mingwei Zhang, Rui Qiao, Niranjan Hasabnis and R. Sekar
Virtual Execution Environments (VEE) March, 2014.
[16] A Portable User-Level Approach for System-wide Integrity Protection: Wai-Kit Sze and R. Sekar
Annual Computer Security Applications Conference (ACSAC) December, 2013.
[17] Control Flow Integrity for COTS Binaries: Mingwei Zhang and R. Sekar
USENIX Security Symposium (USENIX Security) August, 2013.
Best paper award!.
[18] Protection, Usability and Improvements in Reflected XSS Filters: Riccardo Pelizzi and R. Sekar
ACM Symposium on Information, Computer and Communications Security (ASIACCS) May, 2012.
[19] A Server- and Browser-Transparent CSRF Defense for Web 2.0 Applications: Riccardo Pelizzi and R. Sekar
Annual Computer Security Applications Conference (ACSAC) December, 2011.
[20] Online Signature Generation for Windows Systems: Lixin Li, Jim Just and R. Sekar
Annual Computer Security Applications Conference (ACSAC) December, 2009.
[21] Practical Techniques for Regeneration and Immunization of COTS Applications: Lixin Li, Mark R. Cornwell, E. Hultman, Jim Just and R. Sekar
Workshop on Recent Advances on Intrusion-Tolerant Systems (WRAITS) June, 2009.
[22] An Efficient Black-box Technique for Defeating Web Application Attacks: R. Sekar
ISOC Network and Distributed Systems Symposium (NDSS) February, 2009.
[23] Alcatraz: An Isolated Environment for Experimenting with Untrusted Software: Zhenkai Liang, Weiqing Sun, V.N. Venkatakrishnan and R. Sekar
ACM Transactions on Information and System Security (TISSEC) January, 2009.
[24] Expanding Malware Defense by Securing Software Installations: Weiqing Sun, R. Sekar, Zhenkai Liang and V.N. Venkatakrishnan
Detection of Intrusions, Malware and Vulnerability Analysis (DIMVA) July, 2008.
[25] V-NetLab: An Approach for Realizing Logically Isolated Networks for Security Experiments: Weiqing Sun, Varun Katta, Kumar Krishna and R. Sekar
Workshop on Cyber Security Experimentation and Test (in conjunction with USENIX Security) (CSET) July, 2008.
[26] Practical Proactive Integrity Preservation: A Basis for Malware Defense: Weiqing Sun, R. Sekar, Gaurav Poothia and Tejas Karandikar
IEEE Symposium on Security and Privacy (IEEE S&P) May, 2008.
[27] Address-Space Randomization for Windows Systems: Lixin Li, Jim Just and R. Sekar
Annual Computer Security Applications Conference (ACSAC) December, 2006.
[28] Automatic Generation of Buffer Overflow Attack Signatures: An Approach Based on Program Behavior Models: Zhenkai Liang and R. Sekar
Annual Computer Security Applications Conference (ACSAC) December, 2005. (Supercedes Technical Report SECLAB-05-01 An Immune System Inspired Approach for Protection from Repetitive Attacks, March 2005.).
[29] Fast and Automated Generation of Attack Signatures: A Basis for Building Self-Protecting Servers: Zhenkai Liang and R. Sekar
ACM Conference on Computer and Communications Security (CCS) November, 2005. (Supercedes Technical Report SECLAB-05-02 Automated, Sub-second Attack Signature Generation: A Basis for Building Self-Protecting Servers, May 2005.).
[30] V-NetLab: A Cost-Effective Platform to Support Course Projects in Computer Security: Kumar Krishna, Weiqing Sun, Pratik Rana, Tianning Li and R. Sekar
Annual Colloquium for Information Systems Security Education (CISSE) June, 2005.
[31] Automatic Synthesis of Filters to Discard Buffer Overflow Attacks: A Step Towards Realizing Self-Healing Systems (Short Paper): Zhenkai Liang, R. Sekar and Daniel DuVarney
USENIX Annual Technical Conference (USENIX) April, 2005.
[32] One-way Isolation: An Effective Approach for Realizing Safe Execution Environments: Weiqing Sun, Zhenkai Liang, V.N. Venkatakrishnan and R. Sekar
ISOC Network and Distributed Systems Symposium (NDSS) February, 2005. (Revised version of conference paper).
[33] Isolated Program Execution: An Application Transparent Approach for Executing Untrusted Programs: Zhenkai Liang, V.N. Venkatakrishnan and R. Sekar
Annual Computer Security Applications Conference (ACSAC) December, 2003. Best paper award.
[34] Model-Carrying Code: A Practical Approach for Safe Execution of Untrusted Applications: R. Sekar, V.N. Venkatakrishnan, Samik Basu, Sandeep Bhatkar and Daniel DuVarney
ACM Symposium on Operating Systems Principles (SOSP) October, 2003.
[35] Experiences with Specification Based Intrusion Detection System: Prem Uppuluri and R. Sekar
Recent Advances in Intrusion Detection (RAID) October, 2001.
[36] Model-Carrying Code (MCC): A New Paradigm for Mobile-Code Security: R. Sekar, C.R. Ramakrishnan, I.V. Ramakrishnan and Scott Smolka
New Security Paradigms Workshop (NSPW) September, 2001.
[37] A Fast Automaton-Based~Method for Detecting Anomalous Program Behaviors: R. Sekar, Mugdha Bendre, Pradeep Bollineni and Dinakar Dhurjati
IEEE Symposium on Security and Privacy (IEEE S&P) May, 2001.
[38] Building Survivable Systems: An Integrated Approach based on Intrusion Detection and Damage Containment: Thomas Bowen, Dana Chee, Mark Segal, R. Sekar, Tushar Shanbhag and Prem Uppuluri
DISCEX (DISCEX) February, 2000.
[39] User-Level Infrastructure for System Call Interposition: A Platform for Intrusion Detection and Confinement: Kapil Jain and R. Sekar
ISOC Network and Distributed Systems Symposium (NDSS) February, 2000.

Publications in OS and Virtualization Techniques

By Area

By Problem

Local Search