Selected publications

	(OSDI'2004) FFPF: Fairly Fast Packet Filters [HTML version] [Bibtex]
	(ACM TOCS'11) Application-tailored I/O with Streamline (also available here) [Bibtex]
	(Security & Privacy (Oakland) 2012) On the Soundness of Silence: Assessments of Malware Execution Studies [Bibtex]
	(IEEE INFOCOM 2008) Beltway buffers: avoiding the OS traffic jam [Bibtex]
	(IEEE COMPUTER 2006) Can We Make Operating Systems Reliable and Secure? [Bibtex]
	(ACM SIGOPS EUROSYS 2006) Argos: an Emulator for Fingerprinting Zero-Day Attacks [Bibtex]
	(ACM SIGOPS EUROSYS 2008) Eudaemon: Involuntary and On-Demand Emulation Against Zero-Day Exploits [Bibtex]
	(ACM SIGOPS EUROSYS 2009) Pointless tainting? Evaluating the practicality of pointer tainting [Bibtex]
	(NDSS'11) Howard: a dynamic excavator for reverse engineering data structures [Bibtex]
	(RAID'11) Minemu: The World's Fastest Taint Tracker [Bibtex]
	(RAID'06) SafeCard: a Gigabit IPS on the network card [Bibtex]
	(RAID'05) Towards software-based signature detection for intrusion prevention on the network card [Bibtex]

Publications (conferences + journals) by year

	2012
	Body Armor for Binaries: preventing buffer overflows without recompilation USENIX ATC 2012, Boston, MA, June 2012 [Bibtex]
	Keep Net Working - On a Dependable and Fast Networking Stack Dependable Systems and Networks (DSN), Boston, MA, June 2012 [Bibtex]
	Prudent Practices for Designing Malware Experiments: Status Quo and Outlook Security & Privacy (Oakland), San Francisco, California, May 2012 [Bibtex]
	2011
	Minemu: The World's Fastest Taint Tracker RAID'11, Menlo Park, California, September 2011 [Bibtex]
	Howard: a dynamic excavator for reverse engineering data structures NDSS'11, San Diego, California, February 2011 [Bibtex]
	On Botnets that use DNS for Command and Control EC2ND'11, Gothenburg, Sweden, September 2011 [Bibtex]
	Sandnet: Network Traffic Analysis of Malicious Software Proceedings of the 1st Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS) April 10, 2011, Salzburg, Austria [Bibtex]
	System Security Research at VU University Amsterdam SYSSEC Workshop, Amsterdam, July 2011 [Bibtex]
	Application-tailored I/O with Streamline (also available here) ACM Transactions on Computer Systems (TOCS'11), May 2011. [Bibtex]
	2010
	Paranoid Android: Versatile Protection For Smartphones Annual Computer Security Applications Conference (ACSAC'10), Austin, Texas, December 2010 [Bibtex]
	DDE: Dynamic Data Structure Excavation ACM APSYS'10, New Delhi, India, August 2010 [Bibtex]
	Pointer tainting still pointless (but we all see the point of tainting) ACM SIGOPS Operating Systems Review (OSR), 44(3), July 2010 [Bibtex]
	Brief Announcement: A Shared Disk on Distributed Storage PODC'10, Zuerich, July 2010 [Bibtex]
	2009
	CacheCard: a transparent cache for static and dynamic content on the NIC Proceedings of ACM/IEEE ANCS, Princeton, NY, Oct. 2009 [Bibtex]
	Isolating Faulty Device Drivers Proceedings of IEEE/IFIP Dependable Systems and Networks (DSN 2009), Lisbon, Portugal, June 2009. [Bibtex]
	Pointless tainting? Evaluating the practicality of pointer tainting Proceedings of EUROSYS 2009, Nuremberg, Germany, March/April 2009. [Bibtex]
	Mapping and synchronizing streaming applications on Cell processors Proceedings of HiPEAC 2009, Paphos, Cyprus, January 25-28, 2009 [Bibtex]
	2008
	Countering IPC Threats in Multiserver Operating Systems IEEE PRDC, Taipei, Taiwan, December 2008. [Bibtex]
	PipesFS: Fast Linux I/O in the Unix Tradition Operating Systems Review, Special Issue on the Linux Kernel, July 2008. [Bibtex]
	Future Threats to Future Trust Conference on the Future of Trust in Computing, July 2008. [Bibtex]
	Model-T: Rethinking the OS for terabit speeds Proceedings of High-Speed Networks Workshop HSN 2008, Phoenix, AZ, April 2008 [Bibtex]
	Eudaemon: Involuntary and On-Demand Emulation Against Zero-Day Exploits Proceedings of ACM SIGOPS EUROSYS 2008, Glasgow, UK, April, 2008. [Bibtex]
	Beltway buffers: avoiding the OS traffic jam The 27th IEEE International Conference on Computer Communications (INFOCOM 2008), April 2008, Phoenix, Arizona. [Bibtex]
	Safe Execution of Untrusted Applications on Embedded Network Processors International Journal of Embedded Systems (IJES), InderScience, Vol.3, No. 4, 2008. [Bibtex]
	2007
	Ruler: easy packet matching and rewriting on network processors Symposium on Architectures for Networking and Communications Systems (ANCS'07) [Bibtex]
	The Age of Data: pinpointing guilty bytes in polymorphic buffer overflows on heap or stack 23rd Annual Computer Security Applications Conference (ACSAC'07), Miami, FLA, December 2007. [Bibtex]
	Tales from the Crypt: fingerprinting attacks on encrypted channels by way of retainting Proc. of 3rd European Conference on Computer Network Defense (EC2ND), Heraklion, Greece, October, 2007. Note: the paper in the link above has a better layout and more readable figures compared to the paper in the proceedings (we had to convert our latex to word which screwed things up a little). It also contains a few lines of text that were slashed from the paper in the proceedings for space reasons. If you want to know what the paper in the proceedings looks like, click here. [Bibtex]
	A component-based coordination language for efficient reconfigurable streaming applications Proc. of International Conference on Parallel Processing (ICPP'07), Xian, China, Sept. 2007 [Bibtex]
	Failure Resilience for Device Drivers IEEE/IFIP International Conference on Dependable Systems and Networks (IEEE/IFIP DSN'07), Dependable Computing and Communication Track (William C. Carter award for best paper), Edinburgh, UK, June 2007. [Bibtex]
	Roadmap to a Failure-Resilient Operating System "USENIX ;login:", Volume 32, Number 1, February 2007 [Bibtex]
	The Token Based Switch: per-packet access authorisation to optical shortcuts IFIP Networking, Atlanta, Georgia, May, 2007 [Bibtex]
	2006
	SP@CE - An SP-based Programming Model for Consumer Electronics Streaming Applications Languages and Compilers for Parallel Computing (LCPC'06), New Orleans, Louisiana, USA, November, 2006 [Bibtex]
	Construction of a Highly Dependable Operating System (preprint) (Proceedings of EDCC'06, Coimbra, Portugal, October 2006) (accepted for publication) [Bibtex]
	MINIX 3: A Highly Reliable, Self-Repairing Operating System (ACM SIGOPS Operating Systems Review, vol. 40, nr. 3, July 2006) [Bibtex]
	Reorganizing UNIX for Reliability (preprint) (Proceedings of Asia-Pacific Computer Systems Architecture Conference (ACSAC'06), Shangai, China, September, 2006) (accepted for publication) [Bibtex]
	SafeCard: a Gigabit IPS on the network card (RAID'06, Hamburg, Germany, September 2006) [Bibtex]
	Can We Make Operating Systems Reliable and Secure? (IEEE Computer, Vol. 39, No. 5, pp. 44--51, ISSN 0018-9162, May 2006) [Bibtex]
	Supporting Reconfigurable Parallel Multimedia Applications (distinguished paper, ACM/IFIP/IEEE Euro-Par'06, August 2006) [Bibtex]
	Modular system programming in Minix 3 ("USENIX ;LOGIN:", Vol 31, No. 2, April 2006) [Bibtex]
	Argos: an Emulator for Fingerprinting Zero-Day Attacks (ACM SIGOPS EUROSYS 2006, Leuven, Begium, April 2006) [Bibtex]
	SweetBait: Zero-Hour Worm Detection and Containment Using Low- and High-Interaction Honeypots (Elsevier Computer Networks, Special Issue on Security through Self-Protecting and Self-Healing Systems, 2006) [Bibtex]
	Dynamically extending the Corral with native code for high-speed packet processing (Elsevier Computer Networks, Special Issue on Active and Programmable Networks, 50(14), pp. 2444-2461, October 2006) [Bibtex]
	File Size Distribution on UNIX Systems Then and Now (Operating Systems Review, Vol 40, No. 1, January 2006).) [Bibtex]
	2005
	Towards software-based signature detection for intrusion prevention on the network card (Proceedings of Eighth International Symposium on Recent Advances in Intrusion Detection (RAID2005), Seattle, Washington, September 2005.) [Bibtex] [PPT]
	Network intrusion prevention on the network card (IXA Summit, Hudson, MA, September 2005.)
	Robust distributed systems - achieving self-management through inference (Proceedings of First International IEEE WoWMoM Workshop on Autonomic Communications and Computing, ACC2005, Taormina, Italy, June 2005.) [Bibtex]
	FPL-3: towards language support for distributed packet processing (Proceedings of IFIP Networking, Waterloo, Ontario, Canada, May 2005 (accepted for publication).) [Bibtex]
	FPL-3e: towards language support for distributed reconfigurable packet processing (Proceedings of SAMOS V: Embedded Computer Systems: Architectures, MOdeling, and Simulation, Lecture Notes in Computer Science, Vol.3553/2005, ISSN 0302-9743, July, 2005.) [Bibtex]
	2004
	FFPF: Fairly Fast Packet Filters (Proceedings of 6th Symposium on Operating Systems Design and Implementation (OSDI'2004), San Francisco, CA, December 2004.) [HTML version] [Bibtex] [PPT] [Here is also a short FFPF tutorial (powerpoint) - from the Lobster workshop in Stockholm in May 2005]
	Scalable network monitors for high-speed links: a bottom-up approach (Proceedings of IEEE IPOM 2004, Beijing, China, October 2004.) [Bibtex]
	On the feasibility of using network processors for DNA processing (Slightly modified version of the NP3 paper, to be published as Chapter 10 in "Network Processor Design, Vol. 3", Morgan Kaufmann, pp. 10.1 -- 10.14, 2004.) [See also the NP3 paper below]
	SNMP Plus a Lightweight API for SNAP Handling (Proceedings of IEEE/IFIP Network Operations and Management Symposium (NOMS'04), Seoul, Korea, April, 2004) [Bibtex]
	On the feasibility of using network processors for DNA processing (Proceedings of NP3, Workshop on Network Processors & Applications, Madrid, Spain, Feb, 2004) [Bibtex] [PPT]
	2003
	HOKES/POKES: Light-weight resource sharing (Proceedings of ACM SIGBED EMSOFT'03, October 2003, Philadelphia, USA) [Bibtex]
	SCAMPI: A Scalable and Programmable Architecture for Monitoring Gigabit Networks (Proceedings of E2EMon'03, September 2003, Dublin, Ireland) [Bibtex]
	Compiler assistance for safe resource sharing without hardware support (Compilers for Parallel Computers (CPC), Amsterdam, January 2003)
	2002
	A perspective on how ATM lost Control (ACM SIGCOMM Computer Communication Review, Volume 32, Number 5, November 2002)
	The OKE Corral: Code Organisation and Reconfiguration at Runtime using Active Linking (Proceedings of IWAN'2002, Zuerich, December 2002). [Bibtex]
	Safe Kernel Programming in the OKE (Here we explain the OKE in some detail. It is also the preferred OKE paper to cite. Proceedings of IEEE OpenArch'02, New York, June, 2002) [Bibtex]
	Towards Flexible Real-Time Network Monitoring Using a Network Processor. (Short paper: Proceedings of 3rd USENIX/NLUUG International SANE Conference 2002, pp. 409-410, Maastricht, May, 2002)
	2001 and earlier
	The Open Kernel Environment. (This is the first presentation of the OKE - OpenSig'2001, London, September, 2001)
	Elastic Network Control: An Alternative to Active Networks (This paper describes our work on marrying the various approaches to programmable networks in a single, sensible framework. Journal of Communications and Networks, Special Issue on Programmable Routers and Switches, Vol.3, No.2, 2001)
	Open Extensible Network Control (Journal of Network and Systems Management (JNSM), Vol.8. No.1, March 2000)
	Elastic Network Control (PhD thesis. Also published as Technical Report No. 483, Cambridge University Computer Laboratory, August 1999)
	Application-Specific Policies: Beyond the Domain Boundaries (Proceedings IM'99, Boston, USA, May 1999)   [HTML version]
	Application-specific Behaviour in Distributed Network Control (Proceedings ERSADS'99, Madeira, Portugal, April 1999)
	Building a Distributed Video Server using Advanced ATM Network Support (Proceedings IFIP/IEEE MMNS'98, Versailles, France, Nov. 1998)
	ATM Admission Control based on Reservations and Measurements (Proceedings IEEE IPCCC'98, Phoenix, Arizona, Feb. 1998)
	Efficient Reservations in Open ATM Network Control using Online Measurements (Int. J. of Communication Systems, V11, No. 4, August 1998) [HTML version]
	An Active Distributed File Server for Continuous Media (Proceedings ERSADS'97, Zinal, Switzerland, March 1997)

	Protecting smart phones by means of execution replication (Technical Report IR-CS-054, Vrije Universiteit Amsterdam, September 2009) Updated version: Paranoid Android: Zero-Day Protection for Smartphones Using the Cloud (Technical Report IR-CS-058, Vrije Universiteit Amsterdam, February 2010)
	Eudaemon: A Good Spirit to Protect Processes from Internet Attacks (Technical Report IR-CS-039, Vrije Universiteit Amsterdam, April 2007)
	Multi-tier intrusion detection by means of replayable virtual machines (Technical Report IR-CS-047, Vrije Universiteit Amsterdam, August, 2008)
	Streamline: Efficient OS Communication Through Versatile Streams (Technical Report IR-CS-038, Available on request, Vrije Universiteit Amsterdam, March 2007)
	Prospector: Accurate Analysis of Heap and Stack Overflows by Means of AgeStamps (Technical Report IR-CS-031 [supercedes IR-CS-023], Available on request, Vrije Universiteit Amsterdam, June 2006). Note: the prospector work was published in ACSAC'07. That paper is probably more readable than the TR and you may want to look at that paper instead: The Age of Data: pinpointing guilty bytes in polymorphic buffer overflows on heap or stack
	Ruler: high-speed traffic classification and rewriting using regular expressions (Technical Report IR-CS-027, Vrije Universiteit Amsterdam, July 2006)
	Using Beltway Buffers for efficient and structured I/O (Technical Report IR-CS-028, Vrije Universiteit Amsterdam, September 2006)
	Prospector : a protocol-specific detector of polymorphic buffer overflows (Technical Report IR-CS-023 [note: superceded by TR IR-CS-031], Vrije Universiteit Amsterdam, June 2006)
	Argos: an x86 emulator for fingerprinting zero-day attacks by means of dynamic data flow analysis [Available on request.] (Technical Report IR-CS-017, Vrije Universiteit Amsterdam, October 2005)
	Lessons learned in developing a flexible packet processor for high-speed links (Technical Report IR-CS-016, Vrije Universiteit Amsterdam, June 2005)
	SweetBait: Zero-Hour Worm Detection and Containment Using Honeypots (Technical Report IR-CS-015, Vrije Universiteit Amsterdam, May 2005)
	A network intrusion detection system on IXP1200 network processors with support for large rule sets (Technical Report 2004-02, LIACS, Leiden University, 2004)
	Packet monitoring at high speed with FFPF (Technical Report 2004-01, LIACS, Leiden University, 2004)
	High Noon at the OKE Corral: Code Organisation and Reconfiguration at Runtime using Active Linking , . (Technical Report 2003-07, LIACS, Leiden University, 2003, extended version of the IWAN'02 paper)
	Compiler assistance for safe resource sharing without hardware support (Technical Report 2003-06, LIACS, Leiden University, 2003)
	Elastic Network Control (Technical Report No. 483, Cambridge University Computer Laboratory, August 1999)
	Open Programmable Networks: On the Evolution of Network Infrastructures (Technical Report, KPN Research, 2000)
	Exceptional C: Design and Implementation of the XTC Compiler (Technical Report, Pegasus paper 94-12, October 1994)

	Wormen en Virussen: ongedierte op het net (Informatie, Themanummer IT en Misdaad, pp. 32-38, November 2005)
	Internet.next: verbonden met de snelheid van het licht - Of toch weer traag door de digitale modder? (Informatie, gastredactioneel, themanummer Internet2.0, mei 2006)
	Minix 3: Veilig en betrouwbaar besturingssysteem (Informatie, juni 2006)

	Rethinking OS support for high-speed networking [PPT]" (Talk at the ACM SIGOPS European Chapter Senior Workshop WIP session, Lisbon, 12-13 July 2005)
	FFPF Tutorial [PPT]" (Talk at RIPE meeting, tutorial session on passive monitoring, Stockholm, May 2005)

$Id: index.html,v 1.199 2012/04/08 20:11:51 herbertb Exp $