Search For:

Displaying 1-45 out of 45 total
Web Service Engineering with DIWE
Found in: EUROMICRO Conference
By Engin Kirda, Clemens Kerer, Christopher Kruegel, Roman Kurmanowytsch
Issue Date:September 2003
pp. 283
A Web service is frequently defined as browser-less access to content on a Web site. The industry?s focus to date has been on providing easy-to-use low-level libraries, tools and technologies to enable the rapid construction of Web services. The problem of...
 
Engineering of Web services with XML and XSL
Found in: Proceedings of the 8th European software engineering conference held jointly with 9th ACM SIGSOFT international symposium on Foundations of software engineering (ESEC/FSE-9)
By Engin Kirda
Issue Date:September 2001
pp. 163-166
The important role of Web services in businesses and organizations is undisputed today. The construction and management of large Web services is still a challenge. The life cycle of a Web service includes the analysis, design, implementation and maintenanc...
     
Experiences in Engineering Flexible Web Services
Found in: IEEE Multimedia
By Engin Kirda, Mehdi Jazayeri, Clemens Kerer, Markus Schranz
Issue Date:January 2001
pp. 58-65
<p>The life cycle of Web service includes analysis, design, implementation and maintenance stages. The majority of existing Web tools only address the implementation phase and lack support for other stages. Our experiences in building and maintaining...
 
Prospex: Protocol Specification Extraction
Found in: Security and Privacy, IEEE Symposium on
By Paolo Milani Comparetti, Gilbert Wondracek, Christopher Kruegel, Engin Kirda
Issue Date:May 2009
pp. 110-125
Protocol reverse engineering is the process of extracting application-level specifications for network protocols. Such specifications are very useful in a number of security-related contexts, for example, to perform deep packet inspection and black-box fuz...
 
A Generic Content-Management Tool for Web Databases
Found in: IEEE Internet Computing
By Clemens Kerer, Engin Kirda, Roman Kurmanowytsch
Issue Date:July 2002
pp. 38-42
<p>On the Web, content providers can store textual information as HTML or XML files, or they can deploy it from databases, which provide several advantages, including support for transactions, better scalability, replication, indices, and constraint ...
 
Building Anti-Phishing Browser Plug-Ins: An Experience Report
Found in: Software Engineering for Secure Systems, International Workshop on
By Thomas Raffetseder, Engin Kirda, Christopher Kruegel
Issue Date:May 2007
pp. 6
Phishing is an online identity theft that aims to steal sensitive information such as user names, passwords, and credit card numbers. Although phishing is a simple social engineering attack, it has proven to be surprisingly effective. Hence, the number of ...
 
Supporting Collaboration in the Development of Tools and Dies in Manufacturing Networks
Found in: Enabling Technologies, IEEE International Workshops on
By Zorlu Yalniz, Engin Kirda
Issue Date:June 2003
pp. 87
Parallel to the development of a main product such as a car body or a mobile phone, numerous tools and dies need to be specified, developed and produced. The process chain of the tools and dies industry represents the functional link between the main produ...
 
Building and Managing XML/XSL-powered Web Sites: an Experience Report
Found in: Computer Software and Applications Conference, Annual International
By Clemens Kerer, Engin Kirda, Mehdi Jazayeri, Roman Kurmanowytsch
Issue Date:October 2001
pp. 547
The World Wide Web Consortium's eXtensible Markup Language (XML) and the eXtensible Stylesheet Language (XSL) are standards defined in the interest of multi-purpose publishing and content reuse. XML and XSL have been gaining popularity rapidly both in indu...
 
MOTION: A Peer-to-Peer Platform for Mobile Teamwork Support
Found in: Computer Software and Applications Conference, Annual International
By Engin Kirda, Harald Gall, Pascal Fenkam, Gerald Reif
Issue Date:August 2002
pp. 1115
Large, global enterprises are increasingly faced with the problem of supporting employees that are on the move. Employees need to share business documents, locate expertise and knowledge through distributed searches, access effective subscription/notificat...
 
A Web-Based Peer-to-Peer Architecture for Collaborative Nomadic Working
Found in: Enabling Technologies, IEEE International Workshops on
By Gerald Reif, Engin Kirda, Harald Gall, Pascal Fenkam, Gian Pietro Picco, Gianpaolo Cugola
Issue Date:June 2001
pp. 334
With the recent advances in mobile computing, distributed organizations are facing a growing need for advanced Information and Communication Technologies (ICT) that support mobile working. The ability to use information effectively anywhere and anytime has...
 
Preventing Input Validation Vulnerabilities in Web Applications through Automated Type Analysis
Found in: 2012 IEEE 36th Annual Computer Software and Applications Conference - COMPSAC 2012
By Theodoor Scholte,William Robertson,Davide Balzarotti,Engin Kirda
Issue Date:July 2012
pp. 233-243
Web applications have become an integral part of the daily lives of millions of users. Unfortunately, web applications are also frequently targeted by attackers, and criticial vulnerabilities such as cross-site scripting and SQL injection are still common....
 
Identifying Dormant Functionality in Malware Programs
Found in: Security and Privacy, IEEE Symposium on
By Paolo Milani Comparetti, Guido Salvaneschi, Engin Kirda, Clemens Kolbitsch, Christopher Kruegel, Stefano Zanero
Issue Date:May 2010
pp. 61-76
To handle the growing flood of malware, security vendors and analysts rely on tools that automatically identify and analyze malicious code. Current systems for automated malware analysis typically follow a dynamic approach, executing an unknown program in ...
 
Server-Side Bot Detection in Massively Multiplayer Online Games
Found in: IEEE Security and Privacy
By Stefan Mitterhofer, Christopher Kruegel, Engin Kirda, Christian Platzer
Issue Date:May 2009
pp. 29-36
One of the greatest threats that massive multiplayer online games (MMOGs) face today is botting, a form of cheating in which a player uses a script to automate actions in a game without actually playing. This has a severe adverse effect on honest players a...
 
Exploring Multiple Execution Paths for Malware Analysis
Found in: Security and Privacy, IEEE Symposium on
By Andreas Moser, Christopher Kruegel, Engin Kirda
Issue Date:May 2007
pp. 231-245
Malicious code (or malware) is defined as software that fulfills the deliberately harmful intent of an attacker. Malware analysis is the process of determining the behavior and purpose of a given malware sample (such as a virus, worm, or Trojan horse). Thi...
 
Protecting Users Against Phishing Attacks with AntiPhish
Found in: Computer Software and Applications Conference, Annual International
By Engin Kirda, Christopher Kruegel
Issue Date:July 2005
pp. 517-524
Phishing is a form of online identity theft that aims to steal sensitive information such as online banking passwords and credit card information from users. Phishing scams have been receiving extensive press coverage because such attacks have been escalat...
 
The Evolution of an Organizational Web Site: Migrating to XML/XSL
Found in: Web Site Evolution, IEEE International Workshop on
By Engin Kirda, Clemens Kerer, Mehdi Jazayeri, Harald Gall, Roman Kurmanowytsch
Issue Date:December 2001
pp. 62
With the advent of the World Wide Web, many organizational Web sites were initially created by a group of individuals who were interested in this new technology. These people were (and still are) often referred to as webmasters and designed the pages accor...
 
Exploiting diverse observation perspectives to get insights on the malware landscape
Found in: Dependable Systems and Networks, International Conference on
By Corrado Leita, Ulrich Bayer, Engin Kirda
Issue Date:July 2010
pp. 393-402
We are witnessing an increasing complexity in the malware analysis scenario. The usage of polymorphic techniques generates a new challenge: it is often difficult to discern the instance of a known polymorphic malware from that of a newly encountered malwar...
 
Inspector Gadget: Automated Extraction of Proprietary Gadgets from Malware Binaries
Found in: Security and Privacy, IEEE Symposium on
By Clemens Kolbitsch, Thorsten Holz, Christopher Kruegel, Engin Kirda
Issue Date:May 2010
pp. 29-44
Unfortunately, malicious software is still an unsolved problem and a major threat on the Internet. An important component in the fight against malicious software is the analysis of malware samples: Only if an analyst understands the behavior of a given sam...
 
Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications
Found in: Security and Privacy, IEEE Symposium on
By Davide Balzarotti, Marco Cova, Vika Felmetsger, Nenad Jovanovic, Engin Kirda, Christopher Kruegel, Giovanni Vigna
Issue Date:May 2008
pp. 387-401
Web applications are ubiquitous, perform mission-critical tasks, and handle sensitive user data. Unfortunately, web applications are often implemented by developers with limited security skills, and, as a result, they contain vulnerabilities. Most of these...
 
Limits of Static Analysis for Malware Detection
Found in: Computer Security Applications Conference, Annual
By Andreas Moser, Christopher Kruegel, Engin Kirda
Issue Date:December 2007
pp. 421-430
Malicious code is an increasingly important problem that threatens the security of computer systems. The tradi- tional line of defense against malware is composed of mal- ware detectors such as virus and spyware scanners. Un- fortunately, both researchers ...
 
Secure Input for Web Applications
Found in: Computer Security Applications Conference, Annual
By Martin Szydlowski, Christopher Kruegel, Engin Kirda
Issue Date:December 2007
pp. 375-384
The web is an indispensable part of our lives. Every day, millions of users purchase items, transfer money, retrieve information and communicate over the web. Although the web is convenient for many users because it provides any- time, anywhere access to i...
 
Towards an Access Control System for Mobile Peer-to-Peer Collaborative Environments
Found in: Enabling Technologies, IEEE International Workshops on
By Pascal Fenkam, Schahram Dustdar, Engin Kirda, Gerald Reif, Harald Gall
Issue Date:June 2002
pp. 95
Access control is one of the key requirements in enterprise security. A number of approaches in distributed systems have been designed that support various (new) paradigms such as peer-to-peer, nomadic working, and teamworking. Few of them, however, explic...
 
Supporting Multi-Device Enabled Web Services: Challenges and Open Problems
Found in: Enabling Technologies, IEEE International Workshops on
By Engin Kirda, Clemens Kerer, Mehdi Jazayeri, Christopher Kruegel
Issue Date:June 2001
pp. 49
Service providers face a number of challenges when providing services to users accessing the World Wide Web from hand-held devices. Among these challenges are the small display sizes, the low bandwidth, input limitations, and mobility of these devices. Web...
 
Optical Delusions: A Study of Malicious QR Codes in the Wild
Found in: 2014 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)
By Amin Kharraz,Engin Kirda,William Robertson,Davide Balzarotti,Aurelien Francillon
Issue Date:June 2014
pp. 192-203
QR codes, a form of 2D barcode, allow easy interaction between mobile devices and websites or printed material by removing the burden of manually typing a URL or contact information. QR codes are increasingly popular and are likely to be adopted by malware...
 
A Practical Attack to De-anonymize Social Network Users
Found in: Security and Privacy, IEEE Symposium on
By Gilbert Wondracek, Thorsten Holz, Engin Kirda, Christopher Kruegel
Issue Date:May 2010
pp. 223-238
Social networking sites such as Facebook, LinkedIn, and Xing have been reporting exponential growth rates and have millions of registered users. In this paper, we introduce a novel de-anonymization attack that exploits group membership information that is ...
 
FIRE: FInding Rogue nEtworks
Found in: Computer Security Applications Conference, Annual
By Brett Stone-Gross, Christopher Kruegel, Kevin Almeroth, Andreas Moser, Engin Kirda
Issue Date:December 2009
pp. 231-240
For many years, online criminals have been able to conduct their illicit activities by masquerading behind disreputable Internet Service Providers (ISPs). For example, organizations such as the Russian Business Network (RBN), Atrivo (a.k.a., Intercage), Mc...
 
Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities (Short Paper)
Found in: Security and Privacy, IEEE Symposium on
By Nenad Jovanovic, Christopher Kruegel, Engin Kirda
Issue Date:May 2006
pp. 258-263
<p>The number and the importance of Web applications have increased rapidly over the last years. At the same time, the quantity and impact of security vulnerabilities in such applications have grown as well. Since manual code reviews are time-consumi...
 
Towards a Hierarchical, Semantic Peer-to-Peer Topology
Found in: Peer-to-Peer Computing, IEEE International Conference on
By Roman Kurmanowytsch, Mehdi Jazayeri, Engin Kirda
Issue Date:September 2002
pp. 167
We propose a new p2p network topology that reduces bandwidth consumption and provides complete searches by employing a tree hierarchy of indexing nodes that facilitates the search functionality. Each node consists of a cluster of peers to provide fault tol...
   
A service architecture for mobile teamwork
Found in: Proceedings of the 14th international conference on Software engineering and knowledge engineering (SEKE '02)
By Engin Kirda, Gerald Reif, Harald Gall, Pascal Fenkam
Issue Date:July 2002
pp. 513-518
Mobile teamwork has become an emerging requirement in the daily business of large enterprises. Employees collaborate across locations and need support while they are on the move. Business documents (artifacts) and expertise need to be shared independent of...
     
TWSAPI: A Generic Teamwork Services Application Programming Interface
Found in: Distributed Computing Systems Workshops, International Conference on
By Engin Kirda, Gerald Reif, Harald Gall, Pascal Fenkam
Issue Date:July 2002
pp. 365
One of the problems faced by large, global organizations and enterprises is to effectively enable their employees to collaborate across locations. People need collaborative work support while they are on the move and have to share business documents and kn...
 
Evaluation of a Publish/Subscribe System for Collaborative and Mobile Working
Found in: Enabling Technologies, IEEE International Workshops on
By Pascal Fenkam, Engin Kirda, Schahram Dustdar, Harald Gall, Gerald Reif
Issue Date:June 2002
pp. 23
The MObile Teamwork Infrastructure for Organizations Networking (MOTION)<sup>1</sup> service platform that we have designed and implemented addresses an emerging requirement in the daily business of large, distributed enterprises: support for m...
 
PatchDroid: scalable third-party security patches for Android devices
Found in: Proceedings of the 29th Annual Computer Security Applications Conference (ACSAC '13)
By Collin Mulliner, Engin Kirda, Jon Oberheide, William Robertson
Issue Date:December 2013
pp. 259-268
Android is currently the largest mobile platform with around 750 million devices worldwide. Unfortunately, more than 30% of all devices contain publicly known security vulnerabilities and, in practice, cannot be updated through normal mechanisms since they...
     
Beehive: large-scale log analysis for detecting suspicious activity in enterprise networks
Found in: Proceedings of the 29th Annual Computer Security Applications Conference (ACSAC '13)
By Alina Oprea, Ari Juels, Engin Kirda, Kaan Onarlioglu, Ting-Fang Yen, Todd Leetham, William Robertson
Issue Date:December 2013
pp. 199-208
As more and more Internet-based attacks arise, organizations are responding by deploying an assortment of security products that generate situational intelligence in the form of logs. These logs often contain high volumes of interesting and useful informat...
     
Disclosure: detecting botnet command and control servers through large-scale NetFlow analysis
Found in: Proceedings of the 28th Annual Computer Security Applications Conference (ACSAC '12)
By Christopher Kruegel, Davide Balzarotti, Engin Kirda, Leyla Bilge, William Robertson
Issue Date:December 2012
pp. 129-138
Botnets continue to be a significant problem on the Internet. Accordingly, a great deal of research has focused on methods for detecting and mitigating the effects of botnets. Two of the primary factors preventing the development of effective large-scale, ...
     
A quantitative study of accuracy in system call-based malware detection
Found in: Proceedings of the 2012 International Symposium on Software Testing and Analysis (ISSTA 2012)
By Andrea Lanzi, Christopher Kruegel, Davide Balzarotti, Davide Canali, Engin Kirda, Mihai Christodorescu
Issue Date:July 2012
pp. 122-132
Over the last decade, there has been a significant increase in the number and sophistication of malware-related attacks and infections. Many detection techniques have been proposed to mitigate the malware threat. A running theme among existing detection te...
     
A survey on automated dynamic malware-analysis techniques and tools
Found in: ACM Computing Surveys (CSUR)
By Manuel Egele, Theodoor Scholte, Christopher Kruegel, Engin Kirda
Issue Date:February 2012
pp. 1-42
Anti-virus vendors are confronted with a multitude of potentially malicious samples today. Receiving thousands of new samples every day is not uncommon. The signatures that detect confirmed malicious threats are mainly still created manually, so it is impo...
     
G-Free: defeating return-oriented programming through gadget-less binaries
Found in: Proceedings of the 26th Annual Computer Security Applications Conference (ACSAC '10)
By Andrea Lanzi, Davide Balzarotti, Engin Kirda, Kaan Onarlioglu, Leyla Bilge
Issue Date:December 2010
pp. 49-58
Despite the numerous prevention and protection mechanisms that have been introduced into modern operating systems, the exploitation of memory corruption vulnerabilities still represents a serious threat to the security of software systems and networks. A r...
     
AccessMiner: using system-centric models for malware protection
Found in: Proceedings of the 17th ACM conference on Computer and communications security (CCS '10)
By Andrea Lanzi, Christopher Kruegel, Davide Balzarotti, Engin Kirda, Mihai Christodorescu
Issue Date:October 2010
pp. 399-412
Models based on system calls are a popular and common approach to characterize the run-time behavior of programs. For example, system calls are used by intrusion detection systems to detect software exploits. As another example, policies based on system ca...
     
A solution for the automated detection of clickjacking attacks
Found in: Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security (ASIACCS '10)
By Christopher Kruegel, Davide Balzarotti, Engin Kirda, Manuel Egele, Marco Balduzzi
Issue Date:April 2010
pp. 135-144
Clickjacking is a web-based attack that has recently received a wide media coverage. In a clickjacking attack, a malicious page is constructed such that it tricks victims into clicking on an element of a different page that is only barely (or not at all) v...
     
All your contacts are belong to us: automated identity theft attacks on social networks
Found in: Proceedings of the 18th international conference on World wide web (WWW '09)
By Davide Balzarotti, Engin Kirda, Leyla Bilge, Thorsten Strufe
Issue Date:April 2009
pp. 66-66
Social networking sites have been increasingly gaining popularity. Well-known sites such as Facebook have been reporting growth rates as high as 3% per week. Many social networking sites have millions of registered users who use these sites to share photog...
     
Precise alias analysis for static detection of web application vulnerabilities
Found in: Proceedings of the 2006 workshop on Programming languages and analysis for security (PLAS '06)
By Christopher Kruegel, Engin Kirda, Nenad Jovanovic
Issue Date:June 2006
pp. 27-36
The number and the importance of web applications have increased rapidly over the last years. At the same time, the quantity and impact of security vulnerabilities in such applications have grown as well. Since manual code reviews are time-consuming, error...
     
SecuBat: a web vulnerability scanner
Found in: Proceedings of the 15th international conference on World Wide Web (WWW '06)
By Christopher Kruegel, Engin Kirda, Nenad Jovanovic, Stefan Kals
Issue Date:May 2006
pp. 247-256
As the popularity of the web increases and web applications become tools of everyday use, the role of web security has been gaining importance as well. The last years have shown a significant increase in the number of web-based attacks. For example, there ...
     
An anomaly-driven reverse proxy for web applications
Found in: Proceedings of the 2006 ACM symposium on Applied computing (SAC '06)
By Christopher Kruegel, Engin Kirda, Fredrik Valeur, Giovanni Vigna
Issue Date:April 2006
pp. 361-368
Careless development of web-based applications results in vulnerable code being deployed and made available to the whole Internet, creating easily-exploitable entry points for the compromise of entire networks. To ameliorate this situation, we propose an a...
     
Noxes: a client-side solution for mitigating cross-site scripting attacks
Found in: Proceedings of the 2006 ACM symposium on Applied computing (SAC '06)
By Christopher Kruegel, Engin Kirda, Giovanni Vigna, Nenad Jovanovic
Issue Date:April 2006
pp. 330-337
Web applications are becoming the dominant way to provide access to on-line services. At the same time, web application vulnerabilities are being discovered and disclosed at an alarming rate. Web applications often make use of JavaScript code that is embed...
     
Service specific anomaly detection for network intrusion detection
Found in: Proceedings of the 2002 ACM symposium on Applied computing (SAC '02)
By Christopher Krugel, Engin Kirda, Thomas Toth
Issue Date:March 2002
pp. 201-208
The constant increase of attacks against networks and their resources (as recently shown by the CodeRed worm) causes a necessity to protect these valuable assets. Firewalls are now a common installation to repel intrusion attempts in the first place. Intru...
     
 1