Welcome to the Secure Systems and Software Laboratory at the ​University of California, Irvine.

Research

  • DARPA Cyber Fault-tolerant Attack Recovery

  • MultiCompiler

  • TraceCompilation

People

Alumni

Latest Publications

S. Volckaert, B. Coppens, A. Voulimeneas, A. Homescu, P. Larsen, B. De Sutter, and M. Franz; "Secure and Efficient Application Monitoring and Replication;" accepted to appear in 2016 USENIX Annual Technical Conference (ATC 2016), Denver, Colorado; June 2016. (47 papers accepted out of 266 submissions = 17.6%)

J. Lettner, B. Kollenda, A. Homescu, P. Larsen, F. Schuster, L. Davi, A.-R. Sadeghi, T. Holz, and M. Franz; "Subversive-C: Abusing and Protecting Dynamic Message Dispatch;" accepted to appear in 2016 USENIX Annual Technical Conference (ATC 2016), Denver, Colorado; June 2016. (47 papers accepted out of 266 submissions = 17.6%)

G. Wagner, P. Larsen, S. Brunthaler, and M. Franz; "Thinking Inside the Box: Compartmentalized Garbage Collection;" in ACM Transactions on Programming Languages and Systems (TOPLAS), Vol. 38, No. 3, Article No. 9; May 2016.

K. Braden, S. Crane, L. Davi, M. Franz, P. Larsen, Ch. Liebchen, and A.-R. Sadeghi; "Leakage-Resilient Layout Randomization for Mobile Devices;" in 2016 Network and Distributed System Security Symposium (NDSS 2016),San Diego, California; February 2016. (60 papers accepted out of 389 submissions = 15.4%)

P. Larsen, S. Brunthaler, L. Davi, A.-R. Sadeghi, and M. Franz; Automated Software Diversity; Morgan & Claypool, San Rafael, California, ISBN 978-1-6270-5734-9 (paperback), ISBN 978-1-6270-5755-4 (ebook); December 2015.

S. Crane, S. Volckaert, F. Schuster, Ch. Liebchen, P. Larsen, L. Davi, A.-R. Sadeghi, T. Holz, B. De Sutter, and M Franz; "It's a TRAP: Table Randomization and Protection against Function Reuse Attacks;" in 22nd ACM Conference on Computer and Communications Security (CCS 2015), Denver, Colorado; October 2015. (128 papers accepted out of 646 submissions = 19.4%)

M. Conti, S. Crane, L. Davi, M. Franz, P. Larsen, Ch. Liebchen, M. Negro, M. Qunaibit, and A.-R. Sadeghi; "Losing Control: On the Effectiveness of Control-Flow Integrity under Stack Attacks;" in 22nd ACM Conference on Computer and Communications Security (CCS 2015), Denver, Colorado; October 2015. (128 papers accepted out of 646 submissions = 19.4%)

G. Savrun-Yeniceri, M. L. Van de Vanter, P. Larsen, S. Brunthaler, and M. Franz; "Efficient and Generic Event-based Profiler Framework for Dynamic Languages;" in 2015 International Conference on Principles and Practices of Programming on the Java platform: Virtual machines, Languages, and Tools (PPPJ'15), Melbourne, Florida; September 2015.

C. Stancu, Ch. Wimmer, S. Brunthaler, P. Larsen, and M. Franz; "Safe and Efficient Hybrid Memory Management for Java;" in International Symposium on Memory Management 2015 (ISMM'15), Portland, Oregon; June 2015.

A. Homescu, T. Jackson, S. Crane, S. Brunthaler, P. Larsen, and M. Franz; "Large-scale Automated Software Diversity–Program Evolution Redux;" accepted to appear in IEEE Transactions on Dependable and Secure Computing (TDSC), 2015.

S. Crane, Ch. Liebchen, A. Homescu, L. Davi, P. Larsen, A.-R. Sadeghi, S. Brunthaler, and M Franz; "Readactor: Practical Code Randomization Resilient to Memory Disclosure;" in 36th IEEE Symposium on Security and Privacy, San Jose, California; May 2015. (55 papers accepted out of 407 submissions = 13.5%)

P. Larsen, A. Homescu, S. Brunthaler, and M. Franz; "Automatic Software Diversity;" in IEEE Security and Privacy, Vol. 13, No. 2, pp. 30-37; March 2015.

S. Crane, A. Homescu, S. Brunthaler, P. Larsen, and M. Franz; "Thwarting Cache Side-Channel Attacks Through Dynamic Software Diversity;" in 2015 Network and Distributed System Security Symposium (NDSS 2015), San Diego, California; February 2015. (51 papers accepted out of 302 submissions = 16.9%)

V. Mohan, P. Larsen, S. Brunthaler, K. Hamlen, and M. Franz;" Opaque Control Flow Integrity" in 2015 Network and Distributed System Security Symposium (NDSS 2015), San Diego, California; February 2015. (51 papers accepted out of 302 submissions = 16.9%)

M. Murphy, P. Larsen, S. Brunthaler, and M. Franz; "Software Profiling Options and Their Effects on Security Based Code Diversification;" in First ACM Workshop on Moving Target Defense (MTD 2014), Scottsdale, Arizona; November 2014.

W. Zhang, P. Larsen, S. Brunthaler, and M. Franz; "Accelerating Iterators in Optimizing AST Interpreters;'' in 2014 ACM International Conference on Object Oriented Programming Systems Languages & Applications (OOPSLA 2014), Portland, Oregon, pp. 727-743; October 2014. (52 papers accepted out of 186 submissions = 28%)

C. Stancu, Ch. Wimmer, S. Brunthaler, P. Larsen, and M. Franz; "Comparing Points-to Static Analysis with Runtime Recorded Profiling Data;" in 2014 International Conference on Principles and Practices of Programming on the Java platform: Virtual machines, Languages, and Tools (PPPJ 2014), Cracow, Poland, pp. 157-168; September 2014.

P. Larsen, A. Homescu, S. Brunthaler, and M. Franz; "SoK: Automated Software Diversity;" in 35th IEEE Symposium on Security and Privacy, San Jose, California, pp. 276-291; May 2014. (44 papers accepted out of 334 submissions = 13%)

P. Larsen, S. Brunthaler, and M. Franz; "Security through Diversity: Are We There Yet?," in IEEE Security and Privacy, Vol. 12, No. 2, pp. 28-35; March 2014.

G. Savrun-Yeniceri, W. Zhang, H. Zhang, E. Seckler, C. Li, S. Brunthaler, P. Larsen, and M. Franz; "Efficient Hosted Interpreters on the JVM;" in ACM Transactions on Architecture and Code Optimization (TACO), Vol. 11, No. 1, Article No. 9; February 2014.

Ch. Kerschbaumer, E. Hennigan, P. Larsen, S. Brunthaler, and M. Franz; "Information Flow Tracking meets Just-In-Time Compilation;" in 9th International Conference on High-Performance and Embedded Architectures and Compilers (HiPEAC 2014), Vienna, Austria, January 2014.

Ch. Kerschbaumer, E. Hennigan, P. Larsen, S. Brunthaler, and M. Franz; "Information Flow Tracking meets Just-In-Time Compilation;" in ACM Transactions on Architecture and Code Optimization (TACO), Vol. 10, No 4, Article No. 38; December 2013.

Ch. Kerschbaumer, E. Hennigan, P. Larsen, S. Brunthaler, and M. Franz; "CrowdFlow: Efficient Information Flow Security;" accepted for publication in 16th Information Security Conference (ISC 2013), Dallas, Texas; November 2013. (70 submissions, 16 accepted = 23% acceptance rate plus 14 short papers)

A. Homescu, P. Larsen, S. Brunthaler, and M. Franz; "librando: Transparent Code Randomization for Just-in-Time Compilers;" in 20th ACM Conference on Computer and Communications Security (CCS 2013), Berlin, Germany; November 2013. (105 papers accepted out of 530 submissions = 19.8%)

G. Savrun-Yeniceri, W. Zhang, H. Zhang, C. Li, P. Larsen, S. Brunthaler, and M. Franz; "Efficient Interpreter Optimizations for the JVM;" in 2013 International Conference on the Principles and Practice of Programming on the Java Platform: Virtual Machines, Languages, and Tools (PPPJ'13), Stuttgart, Germany; September 2013.

S. Crane, P. Larsen, S. Brunthaler, and M. Franz; "Booby Trapping Software;" in 2013 New Security Paradigms Workshop (NSPW 2013), Banff, Canada; September 2013.

E. Hennigan, Ch. Kerschbaumer, P. Larsen, S. Brunthaler, and M. Franz; "First-Class Labels: Using Information Flow to Debug Security Holes;" in M. Huth, N. Asokan, S. Capkun, I. Flechais, and L. Coles-Kemp (Eds.), Trust and Trustworthy Computing, 6th International Conference (TRUST 2013), London, United Kingdom, Springer Lecture Notes in Computer Science, Vol. 7904, ISBN 978-3-642-38907-8, pp. 151–168; June 2013.

Ch. Kerschbaumer, E. Hennigan, P. Larsen, S. Brunthaler, and M. Franz; "Towards Precise and Efficient Information Flow Control in Web Browsers;" in M. Huth, N. Asokan, S. Capkun, I Flechais, and L. Coles-Kemp (Eds.), Trust and Trustworthy Computing, 6th International Conference (TRUST 2013), London, United Kingdom, Springer Lecture Notes in Computer Science, Vol. 7904, ISBN 978-3-642-38907-8, pp. 187–195; June 2013.

T. Jackson, A. Homescu, S. Crane, P. Larsen, S. Brunthaler, and M. Franz; "Diversifying the Software Stack Using Randomized NOP Insertion;" in S. Jajodia, A K Ghosh, V. S. Subrahmanian, V Swarup, C. Wang, X. S. Wang (Eds.),Moving Target Defense II: Application of Game Theory and Adversarial Modeling, Springer Advances in Information Security, Vol. 100, ISBN 978-1-4614-5415-1, pp. 151-174; 2013.

A. Homescu, S. Neisius, P. Larsen, S. Brunthaler, and M. Franz; "Profile-guided Automated Software Diversity,"' in 2013 International Symposium on Code Generation and Optimization (CGO 2013), Shenzhen, China; February 2013. (33 papers accepted out of 117 submissions = 28%)

A. Homescu, M. Stewart, P. Larsen, S. Brunthaler, and M. Franz; "Microgadgets: Size Does Matter In Turing-complete Return-oriented Programming,'" in 6th USENIX Workshop on Offensive Technologies (WOOT '12), Bellevue, Washington; August 2012.

Ch. Wimmer, S. Brunthaler, P. Larsen, and M. Franz; "Fine-Grained Modularity and Reuse of Virtual Machine Components;" in 11th Annual International Conference on Aspect-Oriented Software Development (AOSD '12), Potsdam, Germany, ACM Press, ISBN 978-1-4503-1092-5, pp. 203-214; March 2012.

G. Wagner, A. Gal, and M. Franz; “Slimming a Java Virtual Machine by way of Cold Code Removal and Optimistic Partial Program Loading;” in Science of Computer Programming, Vol. 76, No. 11, pp. 1037-1053; November 2011.

M. Chang, B. Mathiske, E. Smith, A. Chaudhuri, M. Bebenita, A Gal, Ch. Wimmer, and M Franz; "The Impact of Optional Type Information on JIT Compilation Of Dynamically Typed Languages" in 7th Dynamic Languages Symposium (DLS 2011), Portland, Oregon, ACM Press, ISBN 978-1-4503-0939-4, pp. 13-24; October 2011.

T. Jackson, B. Salamat, A. Homescu, K. Manivannan, G. Wagner, A. Gal, S. Brunthaler, Ch. Wimmer, and M. Franz; “Compiler-Generated Software Diversity;” in S. Jajodia, A.K. Ghosh, V. Swarup, C. Wang, and X.S. Wang (Eds.), Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats; Springer, ISBN 978-1-4614-0976-2; September 2011.

G. Wagner, A. Gal, Ch. Wimmer, B. Eich and M. Franz; "Compartmental Memory Management in a Modern Web Browser;" in International Symposium on Memory Management (ISMM 2011), San Jose, California; June 2011.

B. Salamat, T. Jackson, G. Wagner, Ch. Wimmer, and M. Franz: "Run-Time Defense against Code Injection Attacks using Replicated Execution ;" In IEEE Transactions on Dependable and Secure Computing. IEEE Computer Society, 2011.

T. Jackson, B. Salamat, G. Wagner, Ch. Wimmer, and M.Franz; “On the Effectiveness of Multi-Variant Program Execution for Vulnerability Detection and Prevention;” in International Workshop on Security Measurements and Metrics (MetriSec 2010), Bolzano-Bozen, Italy; September 2010.

M. Franz; “E unibus pluram: Massive-Scale Software Diversity as a Defense Mechanism;” in New Security Paradigms Workshop 2010 (NSPW 2010), Concord, Massachusetts; September 2010.

M. Bebenita, M. Chang, K. Manivannan, G. Wagner, M. Cintra, B. Mathiske, A. Gal, C. Wimmer, M. Franz; "Trace Based Compilation in Execution Environments Without Interpreters;" in A. Krall, H. Mössenböck (Eds.), 8th International Conference on the Principles and Practice of Programming in Java 2010 (PPPJ 2010), Vienna, Austria, ACM Press, ISBN 978-1-4503-0269-2, pp. 59–68; September 2010.

K. Manivannan, Ch. Wimmer, and M. Franz; “Decentralized Information Flow Control on a Bare-Metal JVM;” in Sixth Annual Cyber Security and Information Intelligence Research Workshop (CSIIRW’10), Oak Ridge National Laboratory, Oak Ridge, Tennessee; April 2010.

T. Jackson, Ch. Wimmer, and M. Franz; “Multi-Variant Program Execution for Vulnerability Detection and Analysis;” in Sixth Annual Cyber Security and Information Intelligence Research Workshop (CSIIRW’10), Oak Ridge National Laboratory, Oak Ridge, Tennessee; April 2010.

Ch. Wimmer and Michael Franz; "Linear Scan Register Allocation on SSA Form;" in International Symposium on Code Generation and Optimization (CGO), Toronto, Canada, ACM Press, ISBN 978-1-60558-635-9, pp. 170–179; April 2010.

A. Yermolovich, Ch. Wimmer, and M. Franz; "Optimization of Dynamic Languages Using Hierarchical Layering of Virtual Machines;" in Proceedings of the 5th Symposium on Dynamic Languages (DLS 2009), Orlando, Florida, ISBN 978-1-60558-769-1, pp. 79–88; October 2009.

Ch. Wimmer, M. Cintra, M. Bebenita, M. Chang, A. Gal, and M. Franz; "Phase Detection using Trace Compilation;" in The 7th International Conference on the Principles and Practice of Programming in Java 2009 (PPPJ 2009), Calgary, Alberta; August 2009.

Ch. Kerschbaumer, G. Wagner, Ch. Wimmer, A. Gal, Ch. Steger, and M. Franz; "SlimVM: A Small Footprint Java Virtual Machine for Connected Embedded Systems;" in The 7th International Conference on the Principles and Practice of Programming in Java 2009 (PPPJ 2009), Calgary, Alberta; August 2009.

W. Amme, J. von Ronne, Ph. Adler, and M. Franz; "The Effectiveness of Producer-Side Machine-Independent Optimizations for Mobile Code;" in Software—Practice and Experience, Vol. 29, No. 10, pp. 923–946; July 2009.

M. Bebenita, M. Chang, A. Gal, and M. Franz; "Stream-Based Dynamic Compilation for Object-Oriented Languages;" in 47th International Conference on Objects, Models, Components, Patterns (TOOLS-EUROPE 2009), Zurich, Switzerland; June 2009.

A. Gal, B. Eich, M. Shaver, D. Anderson, B. Kaplan. G. Hoare, D. Mandelin, B. Zbarsky, J. Orendorff, J. Ruderman, E. Smith, R. Reitmaier, M. R. Haghighat, M. Bebenita, M. Chang, and M Franz; "Trace-based Just-in-Time Type Specialization for Dynamic Languages;" in Programming Language Design and Implementation (PLDI 2009), Dublin, Ireland; June 2009. (34 papers accepted out of 196 submissions = 17.3%)

B. Salamat, T. Jackson, A. Gal, and M. Franz; "Orchestra: Intrusion Detection Using Parallel Execution and Monitoring of Program Variants in User-Space;" in EuroSys'09, Nürnberg, Germany; April 2009. (25 papers accepted out of 148 submissions = 16.8%)

M. Franz; "Information-Flow Aware Virtual Machines: Foundations For Trustworthy Computing;" in Cybersecurity Applications and Technologies Conference for Homeland Security (CATCH 2009), Washington, D.C.; March 2009.

E. Yardimci and M. Franz; "Mostly-Static Program Partitioning of Binary Executables;" in ACM Transactions on Programming Languages and Systems (TOPLAS).

M. Chang, E. Smith, R. Reitmaier, A. Gal, M. Bebenita, Ch. Wimmer, B. Eich, and M. Franz; "Tracing for Web 3.0: Trace Compilation for the Next Generation Web Applications;" in The 2009 ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments (VEE 2009), Washington, D.C.; March 2009.

L. Wang and M. Franz; "Automatic Partitioning of Object-Oriented Programs for Resource-Constrained Mobile Devices with Multiple Distribution Objectives;" in The 14th IEEE International Conference on Parallel and Distributed Systems (ICPADS'08), Melbourne, Victoria, Australia, December 2008.

G. Wagner, A. Gal, and M. Franz; "SlimVM: Optimistic Partial Program Loading for Connected Embedded Java Virtual Machines;" in The International Conference on the Principles and Practice on Programming in Java 2008 (PPPJ 2008), Modena, Italy; September 2008. Best Paper Award.

A. Yermolovich, A. Gal, and M. Franz; "Portable Execution of Legacy Binaries on the Java Virtual Machine;" in The International Conference on the Principles and Practice on Programming in Java 2008 (PPPJ 2008), Modena, Italy; September 2008.

A. Gal, Ch. W. Probst, and M. Franz; Java Bytecode Verification via Static Single Assignment Form; in ACM Transactions on Programming Languages and Systems (TOPLAS), Vol. 30, No. 4, Article No. 21, pp. 1-21; July 2008.

E. Yardimci and M. Franz; "Dynamic Parallelization of Binary Executables on Hierarchical Platforms;'' in The Journal of Instruction-Level Parallelism, Vol. 10, Paper 6, ISSN 1942-9525, pp. 1-24; June 2008.

Contact

Secure Systems and Software Laboratory
Department of Computer Science
University of California
Irvine, CA 92697-3425
phone: (949) 824-1546
fax: (949) 824-8019