Publications
2023
Fabian Froh, Matías Gobbi, and Johannes Kinder. Differential Static Analysis for Detecting Malicious Updates to Open Source Packages. In Proc. ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses (SCORED), ACM, 2023.
BibTeX PDF
@inproceedings{scored23-diff-codeql,
author = {Fabian Froh and Mat{\'{i}}as Gobbi and Johannes Kinder},
title = {Differential Static Analysis for Detecting Malicious Updates to Open Source Packages},
booktitle = {Proc. ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses (SCORED)},
publisher = {ACM},
year = {2023},
doi = {10.1145/3605770.3625211}
}
Christopher Lenk and Johannes Kinder. Poster: Privacy Risks from Misconfigured Android Content Providers. In Proc. 2023 ACM SIGSAC Conf. Computer and Communications Security (CCS), 2023.
BibTeX PDF
@inproceedings{ccs23poster-contentproviders,
author = {Christopher Lenk and Johannes Kinder},
title = {Poster: Privacy Risks from Misconfigured Android Content Providers},
booktitle = {Proc. 2023 ACM SIGSAC Conf. Computer and Communications Security (CCS)},
year = {2023},
doi = {10.1145/3576915.3624389}
}
Matías Gobbi and Johannes Kinder. Poster: Using CodeQL to Detect Malware in npm. In Proc. 2023 ACM SIGSAC Conf. Computer and Communications Security (CCS), 2023.
BibTeX PDF
@inproceedings{ccs23poster-codeql,
author = {Mat{\'{i}}as Gobbi and Johannes Kinder},
title = {Poster: Using CodeQL to Detect Malware in npm},
booktitle = {Proc. 2023 ACM SIGSAC Conf. Computer and Communications Security (CCS)},
year = {2023},
doi = {10.1145/3576915.3624401}
}
Lorenzo Cavallaro, Johannes Kinder, Feargus Pendlebury, and Fabio Pierazzi. Are Machine Learning Models for Malware Detection Ready for Prime Time? IEEE Secur. Priv., 21(2):53–56, 2023.
BibTeX URL PDF
@article{spmag23-mlmalware,
author = {Lorenzo Cavallaro and Johannes Kinder and Feargus Pendlebury and Fabio Pierazzi},
title = {Are Machine Learning Models for Malware Detection Ready for Prime Time?},
journal = {IEEE Secur. Priv.},
volume = {21},
number = {2},
pages = {53--56},
year = {2023},
doi = {10.1109/MSEC.2023.3236543},
url = {https://doi.org/10.1109/MSEC.2023.3236543}
}
James Patrick-Evans, Moritz Dannehl, and Johannes Kinder. XFL: Naming Functions in Binaries with Extreme Multi-label Learning. In Proc. IEEE Symp. Security and Privacy (S&P), pp. 1677–1692, IEEE, 2023.
BibTeX PDF
@inproceedings{oakland23-xfl,
author = {James Patrick-Evans and Moritz Dannehl and Johannes Kinder},
title = {XFL: Naming Functions in Binaries with Extreme Multi-label Learning},
booktitle = {Proc. IEEE Symp. Security and Privacy (S\&P)},
pages = {1677--1692},
publisher = {IEEE},
year = {2023},
doi = {10.1109/SP46215.2023.00096}
}
2022
Hernán Ponce-de-León and Johannes Kinder. Cats vs. Spectre: An Axiomatic Approach to Modeling Speculative Execution Attacks. In Proc. IEEE Symp. Security and Privacy (S&P), pp. 1415–1428, IEEE, 2022.
BibTeX PDF
@inproceedings{oakland22-cats-vs-spectre,
author = {Hern{\'a}n Ponce-de-Le{\'o}n and Johannes Kinder},
title = {Cats vs. Spectre: An Axiomatic Approach to Modeling Speculative Execution Attacks},
booktitle = {Proc. IEEE Symp. Security and Privacy (S\&P)},
pages = {1415--1428},
publisher = {IEEE},
year = {2022},
doi = {10.1109/SP46214.2022.00082}
}
2021
Hernán Ponce-de-León and Johannes Kinder. Cats vs. Spectre: An Axiomatic Approach to Modeling Speculative Execution Attacks. Tech. rep. arXiv:2108.13818, arXiv, 2021.
BibTeX URL
@techreport{cats-vs-spectre-arxiv,
author = {Hern{\'a}n Ponce-de-Le{\'o}n and Johannes Kinder},
title = {Cats vs. Spectre: An Axiomatic Approach to Modeling Speculative Execution Attacks},
number = {arXiv:2108.13818},
year = {2021},
institution = {arXiv},
url = {https://arxiv.org/abs/2108.13818}
}
Blake Loring and Johannes Kinder. Systematic Generation of Conformance Tests for JavaScript. Tech. rep. arXiv:2108.07075, arXiv, 2021.
BibTeX URL
@techreport{conformance-testing-arxiv,
author = {Blake Loring and Johannes Kinder},
title = {Systematic Generation of Conformance Tests for JavaScript},
number = {arXiv:2108.07075},
year = {2021},
institution = {arXiv},
url = {https://arxiv.org/abs/2108.07075}
}
James Patrick-Evans, Moritz Dannehl, and Johannes Kinder. XFL: eXtreme Function Labeling. Tech. rep. arXiv:2107.13404, arXiv, 2021.
BibTeX URL
@techreport{xfl-arxiv,
author = {James Patrick-Evans and Moritz Dannehl and Johannes Kinder},
title = {XFL: eXtreme Function Labeling},
number = {arXiv:2107.13404},
year = {2021},
institution = {arXiv},
url = {https://arxiv.org/abs/2107.13404}
}
2020
James Patrick-Evans, Lorenzo Cavallaro, and Johannes Kinder. Probabilistic Naming of Functions in Stripped Binaries. In Proc. 35th Annu. Computer Security Applications Conference (ACSAC), pp. 373–385, ACM, 2020.
BibTeX PDF
@inproceedings{acsac20-punstrip,
author = {James Patrick-Evans and Lorenzo Cavallaro and Johannes Kinder},
title = {Probabilistic Naming of Functions in Stripped Binaries},
booktitle = {Proc. 35th Annu. Computer Security Applications Conference (ACSAC)},
pages = {373--385},
publisher = {ACM},
year = {2020},
doi = {10.1145/3427228.3427265}
}
Daniel Lehmann, Johannes Kinder, and Michael Pradel. Everything Old is New Again: Binary Security of WebAssembly. In 29th USENIX Security Symposium (USENIX Security), pp. 217–234, USENIX Association, 2020.
BibTeX PDF
@inproceedings{usenixsecurity20-wasm,
author = {Daniel Lehmann and Johannes Kinder and Michael Pradel},
title = {Everything Old is New Again: Binary Security of WebAssembly},
booktitle = {29th USENIX Security Symposium (USENIX Security)},
pages = {217--234},
publisher = {USENIX Association},
year = {2020}
}
2019
Lorenzo Cavallaro, Johannes Kinder, XiaoFeng Wang, and Jonathan Katz (eds). Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, CCS 2019, London, UK, November 11-15, 2019. ACM, 2019.
BibTeX URL
@proceedings{ccs2019,
title = {Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, CCS 2019, London, UK, November 11-15, 2019},
editor = {Lorenzo Cavallaro and Johannes Kinder and XiaoFeng Wang and Jonathan Katz},
publisher = {ACM},
year = {2019},
doi = {10.1145/3319535},
isbn = {978-1-4503-6747-9},
url = {https://dl.acm.org/doi/proceedings/10.1145/3319535}
}
Duncan Mitchell and Johannes Kinder. A Formal Model for Checking Cryptographic API Usage in JavaScript. In Proc. European Symposium on Research in Computer Security (ESORICS), pp. 341–360, Springer, 2019.
BibTeX PDF
@inproceedings{esorics19-secannjs,
author = {Duncan Mitchell and Johannes Kinder},
title = {A Formal Model for Checking Cryptographic API Usage in JavaScript},
booktitle = {Proc. European Symposium on Research in Computer Security (ESORICS)},
series = {LNCS},
volume = {11735},
pages = {341--360},
publisher = {Springer},
year = {2019},
doi = {10.1007/978-3-030-29959-0\_17}
}
Feargus Pendlebury, Fabio Pierazzi, Roberto Jordaney, Johannes Kinder, and Lorenzo Cavallaro. TESSERACT: Eliminating Experimental Bias in Malware Classification across Space and Time. In 28th USENIX Security Symposium (USENIX Security), pp. 729–746, USENIX Association, 2019.
BibTeX PDF
@inproceedings{usenixsecurity19-tesseract,
author = {Feargus Pendlebury and Fabio Pierazzi and Roberto Jordaney and Johannes Kinder and Lorenzo Cavallaro},
title = {TESSERACT: Eliminating Experimental Bias in Malware Classification across Space and Time},
booktitle = {28th USENIX Security Symposium (USENIX Security)},
pages = {729--746},
publisher = {USENIX Association},
year = {2019}
}
Blake Loring, Duncan Mitchell, and Johannes Kinder. Sound Regular Expression Semantics for Dynamic Symbolic Execution of JavaScript. In Proc. ACM SIGPLAN Conf. Programming Language Design and Implementation (PLDI), pp. 425–438, ACM, 2019.
BibTeX PDF
@inproceedings{pldi19-regex,
author = {Blake Loring and Duncan Mitchell and Johannes Kinder},
title = {Sound Regular Expression Semantics for Dynamic Symbolic Execution of JavaScript},
booktitle = {Proc. ACM SIGPLAN Conf. Programming Language Design and Implementation (PLDI)},
pages = {425--438},
publisher = {ACM},
year = {2019},
doi = {10.1145/3314221.3314645}
}
2018
Blake Loring, Duncan Mitchell, and Johannes Kinder. Sound Regular Expression Semantics for Dynamic Symbolic Execution of JavaScript. Tech. rep. CoRR:abs/1810.05661, arXiv, 2018.
BibTeX URL
@techreport{regex-arxiv,
author = {Blake Loring and Duncan Mitchell and Johannes Kinder},
title = {Sound Regular Expression Semantics for Dynamic Symbolic Execution of JavaScript},
number = {CoRR:abs/1810.05661},
year = {2018},
institution = {arXiv},
url = {https://arxiv.org/abs/1810.05661}
}
Feargus Pendlebury, Fabio Pierazzi, Roberto Jordaney, Johannes Kinder, and Lorenzo Cavallaro. TESSERACT: Eliminating Experimental Bias in Malware Classification across Space and Time. Tech. rep. CoRR:abs/1807.07838, arXiv, 2018.
BibTeX URL
@techreport{tesseract-arxiv,
author = {Feargus Pendlebury and Fabio Pierazzi and Roberto Jordaney and Johannes Kinder and Lorenzo Cavallaro},
title = {TESSERACT: Eliminating Experimental Bias in Malware Classification across Space and Time},
number = {CoRR:abs/1807.07838},
year = {2018},
institution = {arXiv},
url = {https://arxiv.org/abs/1807.07838}
}
Feargus Pendlebury, Fabio Pierazzi, Roberto Jordaney, Johannes Kinder, and Lorenzo Cavallaro. Enabling Fair ML Evaluations for Security. In Proc. 2018 ACM SIGSAC Conf. Computer and Communications Security (CCS), pp. 2264–2266, 2018.
BibTeX PDF
@inproceedings{ccs18poster,
author = {Feargus Pendlebury and Fabio Pierazzi and Roberto Jordaney and Johannes Kinder and Lorenzo Cavallaro},
title = {Enabling Fair ML Evaluations for Security},
booktitle = {Proc. 2018 ACM SIGSAC Conf. Computer and Communications Security (CCS)},
pages = {2264--2266},
year = {2018},
doi = {10.1145/3243734.3278505}
}
Claudio Rizzo, Lorenzo Cavallaro, and Johannes Kinder. BabelView: Evaluating the Impact of Code Injection Attacks in Mobile Webviews. In Int. Symp. Research in Attacks, Intrusions, and Defenses (RAID), 2018.
BibTeX PDF
@inproceedings{raid18-babelview,
author = {Claudio Rizzo and Lorenzo Cavallaro and Johannes Kinder},
title = {BabelView: Evaluating the Impact of Code Injection Attacks in Mobile Webviews},
booktitle = {Int. Symp. Research in Attacks, Intrusions, and Defenses (RAID)},
year = {2018},
doi = {10.1007/978-3-030-00470-5\_2}
}
Duncan Mitchell, L. Thomas van Binsbergen, Blake Loring, and Johannes Kinder. Checking Cryptographic API Usage with Composable Annotations. In ACM SIGPLAN Workshop on Partial Evaluation and Program Manipulation (PEPM), 2018.
BibTeX PDF
@inproceedings{pepm18-security-annotations,
author = {Duncan Mitchell and L. Thomas van Binsbergen and Blake Loring and Johannes Kinder},
title = {Checking Cryptographic API Usage with Composable Annotations},
booktitle = {ACM SIGPLAN Workshop on Partial Evaluation and Program Manipulation (PEPM)},
year = {2018},
doi = {10.1145/3162071}
}
2017
Claudio Rizzo, Lorenzo Cavallaro, and Johannes Kinder. BabelView: Evaluating the Impact of Code Injection Attacks in Mobile Webviews. Tech. rep. CoRR:abs/1709.05690, arXiv, 2017.
BibTeX URL
@techreport{babelview-arxiv,
author = {Claudio Rizzo and Lorenzo Cavallaro and Johannes Kinder},
title = {BabelView: Evaluating the Impact of Code Injection Attacks in Mobile Webviews},
number = {CoRR:abs/1709.05690},
year = {2017},
institution = {arXiv},
url = {https://arxiv.org/abs/1709.05690}
}
Dusan Repel, Johannes Kinder, and Lorenzo Cavallaro. Modular Synthesis of Heap Exploits. In Proc. ACM SIGSAC Workshop on Programming Languages and Analysis for Security (PLAS), ACM, 2017.
BibTeX PDF
@inproceedings{plas17-heapaeg,
author = {Dusan Repel and Johannes Kinder and Lorenzo Cavallaro},
title = {Modular Synthesis of Heap Exploits},
booktitle = {Proc. ACM SIGSAC Workshop on Programming Languages and Analysis for Security (PLAS)},
publisher = {ACM},
year = {2017},
doi = {10.1145/3139337.3139346}
}
James Patrick-Evans, Lorenzo Cavallaro, and Johannes Kinder. POTUS: Probing Off-The-Shelf USB Drivers with Symbolic Fault Injection. In 11th USENIX Workshop on Offensive Technologies (WOOT), 2017. Best Paper Award.
BibTeX PDF
@inproceedings{woot17-potus,
author = {James Patrick-Evans and Lorenzo Cavallaro and Johannes Kinder},
title = {POTUS: Probing Off-The-Shelf USB Drivers with Symbolic Fault Injection},
booktitle = {11th USENIX Workshop on Offensive Technologies (WOOT)},
year = {2017},
note = {Best Paper Award}
}
Blake Loring, Duncan Mitchell, and Johannes Kinder. ExpoSE: Practical Symbolic Execution of Standalone JavaScript. In Proc. Int. SPIN Symp. Model Checking of Software (SPIN), pp. 196–199, ACM, 2017.
BibTeX PDF
@inproceedings{spin17-expose,
author = {Blake Loring and Duncan Mitchell and Johannes Kinder},
title = {ExpoSE: Practical Symbolic Execution of Standalone JavaScript},
booktitle = {Proc. Int. SPIN Symp. Model Checking of Software (SPIN)},
pages = {196--199},
publisher = {ACM},
year = {2017}
}
Guillermo Suarez-Tangil, Santanu Kumar Dash, Mansour Ahmadi, Johannes Kinder, Giorgio Giacinto, and Lorenzo Cavallaro. DroidSieve: Fast and Accurate Classification of Obfuscated Android Malware. In Proc. 7th ACM Conf. Data and Application Security and Privacy (CODASPY), pp. 309–320, ACM, 2017.
BibTeX PDF
@inproceedings{codaspy17-droidsieve,
author = {Guillermo Suarez-Tangil and Santanu Kumar Dash and Mansour Ahmadi and Johannes Kinder and Giorgio Giacinto and Lorenzo Cavallaro},
title = {DroidSieve: Fast and Accurate Classification of Obfuscated Android Malware},
booktitle = {Proc. 7th ACM Conf. Data and Application Security and Privacy (CODASPY)},
pages = {309--320},
publisher = {ACM},
year = {2017},
doi = {10.1145/3029806.3029825}
}
2016
Santanu Kumar Dash, Kimberly Tam, Johannes Kinder, and Lorenzo Cavallaro. Barometer: Sizing Up Android Applications Through Statistical Evaluation. In 37th IEEE Symp. Security and Privacy (S&P), 2016. Poster.
BibTeX
@conference{sp16poster,
author = {Santanu Kumar Dash and Kimberly Tam and Johannes Kinder and Lorenzo Cavallaro},
title = {Barometer: Sizing Up Android Applications Through Statistical Evaluation},
booktitle = {37th IEEE Symp. Security and Privacy (S\&P)},
year = {2016},
note = {Poster}
}
Sebastian Schrittwieser, Stefan Katzenbeisser, Johannes Kinder, Georg Merzdovnik, and Edgar Weippl. Protecting Software through Obfuscation: Can It Keep Pace with Progress in Code Analysis? ACM Computing Surveys, 49(1):April 2016.
BibTeX PDF
@article{csur16-obfuscation,
author = {Sebastian Schrittwieser and Stefan Katzenbeisser and Johannes Kinder and Georg Merzdovnik and Edgar Weippl},
title = {Protecting Software through Obfuscation: Can It Keep Pace with Progress in Code Analysis?},
journal = {ACM Computing Surveys},
volume = {49},
number = {1},
year = {2016},
month = {April}
}
Santanu Kumar Dash, Guillermo Suarez-Tangil, Salahuddin Khan, Kimberly Tam, Mansour Ahmadi, Johannes Kinder, and Lorenzo Cavallaro. DroidScribe: Classifying Android Malware Based on Runtime Behavior. In Proc. IEEE Symp. Security and Privacy Workshops (SPW), Mobile Security Technologies (MoST), pp. 252–261, 2016.
BibTeX PDF
@inproceedings{most16-droidscribe,
author = {Santanu Kumar Dash and Guillermo Suarez-Tangil and Salahuddin Khan and Kimberly Tam and Mansour Ahmadi and Johannes Kinder and Lorenzo Cavallaro},
title = {DroidScribe: Classifying Android Malware Based on Runtime Behavior},
booktitle = {Proc. IEEE Symp. Security and Privacy Workshops (SPW), Mobile Security Technologies (MoST)},
pages = {252--261},
year = {2016}
}
2015
Santanu Kumar Dash, Kimberly Tam, Johannes Kinder, and Lorenzo Cavallaro. Set-based Classification of Android Malware from Behavioral Abstractions. In 24th USENIX Security Symp. (USENIX Security), August 2015. Poster.
BibTeX
@conference{usenix15poster,
author = {Santanu Kumar Dash and Kimberly Tam and Johannes Kinder and Lorenzo Cavallaro},
title = {Set-based Classification of Android Malware from Behavioral Abstractions},
booktitle = {24th USENIX Security Symp. (USENIX Security)},
year = {2015},
month = {August},
note = {Poster}
}
Jonas Wagner, Volodymyr Kuznetsov, George Candea, and Johannes Kinder. High System-Code Security with Low Overhead. In Proc. IEEE Symp. Security and Privacy (S&P), pp. 866–879, IEEE, 2015.
BibTeX PDF
@inproceedings{oakland15-asap,
author = {Jonas Wagner and Volodymyr Kuznetsov and George Candea and Johannes Kinder},
title = {High System-Code Security with Low Overhead},
booktitle = {Proc. IEEE Symp. Security and Privacy (S\&P)},
pages = {866--879},
publisher = {IEEE},
year = {2015}
}
Johannes Kinder. Hypertesting: The Case for Automated Testing of Hyperproperties. In 3rd Workshop on Hot Issues in Security Principles and Trust (HotSpot), pp. 1–8, 2015.
BibTeX PDF
@inproceedings{hotspot15-hypertesting,
author = {Johannes Kinder},
title = {Hypertesting: The Case for Automated Testing of Hyperproperties},
booktitle = {3rd Workshop on Hot Issues in Security Principles and Trust (HotSpot)},
pages = {1--8},
year = {2015}
}
Volodymyr Kuznetsov, Johannes Kinder, Stefan Bucur, and George Candea. Advantageous State Merging During Symbolic Analysis. Pat. US 9,141,354 B2, September 2015. Issued.
BibTeX
@patent{statemerging-patent,
author = {Volodymyr Kuznetsov and Johannes Kinder and Stefan Bucur and George Candea},
title = {Advantageous State Merging During Symbolic Analysis},
number = {US 9,141,354 B2},
year = {2015},
month = {September},
pubstate = {Issued}
}
2014
Jonas Wagner, Volodymyr Kuznetsov, Johannes Kinder, Azqa Nadeem, and George Candea. ASAP: High Security at Low Overhead. In 11th USENIX Symp. Operating Systems Design and Implementation (OSDI), October 2014. Poster.
BibTeX
@conference{osdi14poster,
author = {Jonas Wagner and Volodymyr Kuznetsov and Johannes Kinder and Azqa Nadeem and George Candea},
title = {ASAP: High Security at Low Overhead},
booktitle = {11th USENIX Symp. Operating Systems Design and Implementation (OSDI)},
year = {2014},
month = {October},
note = {Poster}
}
Stefan Bucur, Johannes Kinder, and George Candea. Prototyping Symbolic Execution Engines for Interpreted Languages. In Proc. 19th Int. Conf. Architectural Support for Programming Languages and Operating Systems (ASPLOS), pp. 239–254, ACM, 2014.
BibTeX PDF
@inproceedings{asplos14-chef,
author = {Stefan Bucur and Johannes Kinder and George Candea},
title = {Prototyping Symbolic Execution Engines for Interpreted Languages},
booktitle = {Proc. 19th Int. Conf. Architectural Support for Programming Languages and Operating Systems (ASPLOS)},
pages = {239--254},
publisher = {ACM},
year = {2014},
doi = {10.1145/2541940.2541977}
}
Volodymyr Kuznetsov, Johannes Kinder, Stefan Bucur, and George Candea. Efficient State Merging in Symbolic Execution (Extended Abstract). In Software Engineering 2014, Fachtagung des GI-Fachbereichs Softwaretechnik (SE), pp. 45–46, GI, 2014.
BibTeX
@inproceedings{se14-statemerging,
author = {Volodymyr Kuznetsov and Johannes Kinder and Stefan Bucur and George Candea},
title = {Efficient State Merging in Symbolic Execution (Extended Abstract)},
booktitle = {Software Engineering 2014, Fachtagung des GI-Fachbereichs Softwaretechnik (SE)},
series = {LNI},
volume = {227},
pages = {45--46},
publisher = {GI},
year = {2014}
}
Patrice Godefroid and Johannes Kinder. Memory Safety of Floating-Point Computations. Pat. US 8,782,625 B2, July 2014. Issued.
BibTeX
@patent{fpsafety-patent,
author = {Patrice Godefroid and Johannes Kinder},
title = {Memory Safety of Floating-Point Computations},
number = {US 8,782,625 B2},
year = {2014},
month = {July},
pubstate = {Issued}
}
2013
Stefan Bucur, Johannes Kinder, and George Candea. Making Automated Testing of Cloud Applications an Integral Component of PaaS. In Proc. 4th Asia-Pacific Workshop on Systems (APSYS), pp. 18:1–18:7, ACM, 2013.
BibTeX PDF
@inproceedings{apsys13-cloud-testing,
author = {Stefan Bucur and Johannes Kinder and George Candea},
title = {Making Automated Testing of Cloud Applications an Integral Component of PaaS},
booktitle = {Proc. 4th Asia-Pacific Workshop on Systems (APSYS)},
pages = {18:1--18:7},
publisher = {ACM},
year = {2013},
doi = {10.1145/2500727.2500730}
}
Cristian Zamfir, Baris Kasikci, Johannes Kinder, Edouard Bugnion, and George Candea. Automated Debugging for Arbitrarily Long Executions. In Proc. 14th Workshop on Hot Topics in Operating Systems (HotOS), USENIX, 2013.
BibTeX PDF
@inproceedings{hotos13-res,
author = {Cristian Zamfir and Baris Kasikci and Johannes Kinder and Edouard Bugnion and George Candea},
title = {Automated Debugging for Arbitrarily Long Executions},
booktitle = {Proc. 14th Workshop on Hot Topics in Operating Systems (HotOS)},
publisher = {USENIX},
year = {2013},
ee = {https://www.usenix.org/conference/hotos13/session/zamfir}
}
2012
Stefan Bucur, Johannes Kinder, and George Candea. C3A: Client/Server Co-Verification for Cloud Applications. In 10th USENIX Symp. Operating Systems Design and Implementation (OSDI), 2012. Poster.
BibTeX
@conference{osdi12poster,
author = {Stefan Bucur and Johannes Kinder and George Candea},
title = {C3A: Client/Server Co-Verification for Cloud Applications},
booktitle = {10th USENIX Symp. Operating Systems Design and Implementation (OSDI)},
year = {2012},
note = {Poster}
}
Volodymyr Kuznetsov, Johannes Kinder, Stefan Bucur, and George Candea. Efficient state merging in symbolic execution. In Proc. ACM SIGPLAN Conf. Programming Language Design and Implementation (PLDI), pp. 193–204, ACM, 2012.
BibTeX PDF
@inproceedings{pldi12-statemerging,
author = {Volodymyr Kuznetsov and Johannes Kinder and Stefan Bucur and George Candea},
title = {Efficient state merging in symbolic execution},
booktitle = {Proc. ACM SIGPLAN Conf. Programming Language Design and Implementation (PLDI)},
pages = {193--204},
publisher = {ACM},
year = {2012}
}
Johannes Kinder. Towards Static Analysis of Virtualization-Obfuscated Binaries. In Proc. 19th Working Conf. Reverse Engineering (WCRE), pp. 61–70, IEEE, 2012.
BibTeX PDF
@inproceedings{wcre12-virtobf,
author = {Johannes Kinder},
title = {Towards Static Analysis of Virtualization-Obfuscated Binaries},
booktitle = {Proc. 19th Working Conf. Reverse Engineering (WCRE)},
pages = {61--70},
publisher = {IEEE},
year = {2012}
}
Johannes Kinder and Dmitry Kravchenko. Alternating Control Flow Reconstruction. In Proc. 13th Int. Conf. Verification, Model Checking, and Abstract Interpretation (VMCAI), pp. 267–282, Springer, 2012.
BibTeX PDF
@inproceedings{vmcai12-acfr,
author = {Johannes Kinder and Dmitry Kravchenko},
title = {Alternating Control Flow Reconstruction},
booktitle = {Proc. 13th Int. Conf. Verification, Model Checking, and Abstract Interpretation (VMCAI)},
series = {LNCS},
volume = {7148},
pages = {267--282},
publisher = {Springer},
year = {2012}
}
2011
Péter Bokor, Johannes Kinder, Marco Serafini, and Neeraj Suri. Supporting domain-specific state space reductions through local partial-order reduction. In 26th IEEE/ACM Int. Conf. Automated Software Engineering (ASE), pp. 113–122, IEEE, 2011.
BibTeX PDF
@inproceedings{ase11-lpor,
author = {P{\'e}ter Bokor and Johannes Kinder and Marco Serafini and Neeraj Suri},
title = {Supporting domain-specific state space reductions through local partial-order reduction},
booktitle = {26th IEEE/ACM Int. Conf. Automated Software Engineering (ASE)},
pages = {113--122},
publisher = {IEEE},
year = {2011}
}
Péter Bokor, Johannes Kinder, Marco Serafini, and Neeraj Suri. Efficient model checking of fault-tolerant distributed protocols. In Proc. 2011 IEEE/IFIP Int. Conf. Dependable Systems and Networks (DSN), pp. 73–84, IEEE, 2011.
BibTeX PDF
@inproceedings{dsn11-mpbasset,
author = {P{\'e}ter Bokor and Johannes Kinder and Marco Serafini and Neeraj Suri},
title = {Efficient model checking of fault-tolerant distributed protocols},
booktitle = {Proc. 2011 IEEE/IFIP Int. Conf. Dependable Systems and Networks (DSN)},
pages = {73--84},
publisher = {IEEE},
year = {2011}
}
Stefan Katzenbeisser, Johannes Kinder, and Helmut Veith. Malware Detection. In Henk C. A. van Tilborg and Sushil Jajodia, eds., Encyclopedia of Cryptography and Security (2nd Ed.), pp. 752–755, Springer, 2011.
BibTeX
@incollection{cryptosec11,
author = {Stefan Katzenbeisser and Johannes Kinder and Helmut Veith},
title = {Malware Detection},
editor = {Henk C. A. van Tilborg and Sushil Jajodia},
booktitle = {Encyclopedia of Cryptography and Security (2nd Ed.)},
pages = {752--755},
publisher = {Springer},
year = {2011}
}
Péter Bokor, Johannes Kinder, Marco Serafini, and Neeraj Suri. Supporting domain-specific state space reductions through local partial-order reduction. Tech. rep. TR-TUD-DEEDS-07-01-2011, Technische Universität Darmstadt, 2011.
BibTeX
@techreport{lpor-tr,
author = {P{\'e}ter Bokor and Johannes Kinder and Marco Serafini and Neeraj Suri},
title = {Supporting domain-specific state space reductions through local partial-order reduction},
number = {TR-TUD-DEEDS-07-01-2011},
year = {2011},
institution = {Technische Universit{\"a}t Darmstadt}
}
Péter Bokor, Johannes Kinder, Marco Serafini, and Neeraj Suri. Efficient model checking of fault-tolerant distributed protocols. Tech. rep. TR-TUD-DEEDS-01-01-2011, Technische Universität Darmstadt, 2011.
BibTeX
@techreport{mpbasset-tr,
author = {P{\'e}ter Bokor and Johannes Kinder and Marco Serafini and Neeraj Suri},
title = {Efficient model checking of fault-tolerant distributed protocols},
number = {TR-TUD-DEEDS-01-01-2011},
year = {2011},
institution = {Technische Universit{\"a}t Darmstadt}
}
2010
Johannes Kinder. Static Analysis of x86 Executables. Ph.D. Thesis, Technische Universität Darmstadt, 2010.
BibTeX PDF
@phdthesis{phdthesis-kinder,
author = {Johannes Kinder},
title = {Static Analysis of x86 Executables},
year = {2010},
school = {Technische Universit{\"a}t Darmstadt}
}
Johannes Kinder and Helmut Veith. Precise Static Analysis of Untrusted Driver Binaries. In Proc. 10th Int. Conf. Formal Methods in Computer-Aided Design (FMCAD), pp. 43–50, 2010.
BibTeX PDF
@inproceedings{fmcad10-drivers-bat,
author = {Johannes Kinder and Helmut Veith},
title = {Precise Static Analysis of Untrusted Driver Binaries},
booktitle = {Proc. 10th Int. Conf. Formal Methods in Computer-Aided Design (FMCAD)},
pages = {43--50},
year = {2010}
}
Patrice Godefroid and Johannes Kinder. Proving memory safety of floating-point computations by combining static and dynamic program analysis. In Proc. 19th Int. Symp. Software Testing and Analysis (ISSTA), pp. 1–12, ACM, 2010.
BibTeX PDF
@inproceedings{issta10-fpsafety,
author = {Patrice Godefroid and Johannes Kinder},
title = {Proving memory safety of floating-point computations by combining static and dynamic program analysis},
booktitle = {Proc. 19th Int. Symp. Software Testing and Analysis (ISSTA)},
pages = {1--12},
publisher = {ACM},
year = {2010},
doi = {10.1145/1831708.1831710}
}
Johannes Kinder, Stefan Katzenbeisser, Christian Schallhart, and Helmut Veith. Proactive Detection of Computer Worms Using Model Checking. IEEE Trans. Dependable Sec. Comput., 7(4):424–438, October 2010.
BibTeX PDF
@article{tdsc10-mocca,
author = {Johannes Kinder and Stefan Katzenbeisser and Christian Schallhart and Helmut Veith},
title = {Proactive Detection of Computer Worms Using Model Checking},
journal = {IEEE Trans. Dependable Sec. Comput.},
volume = {7},
number = {4},
pages = {424--438},
year = {2010},
month = {October}
}
Mihai Christodorescu, Johannes Kinder, Somesh Jha, Stefan Katzenbeisser, and Helmut Veith. System for Malware Normalization and Detection. Pat. US 2010/0011441 A1, January 2010. Published.
BibTeX
@patent{malwarenorm-patent,
author = {Mihai Christodorescu and Johannes Kinder and Somesh Jha and Stefan Katzenbeisser and Helmut Veith},
title = {System for Malware Normalization and Detection},
number = {US 2010/0011441 A1},
year = {2010},
month = {January},
pubstate = {Published}
}
2009
Patrice Godefroid and Johannes Kinder. Proving Memory Safety of Floating-Point Computations by Combining Static and Dynamic Program Analysis. Tech. rep. MSR-TR-2009-167, Microsoft Research, November 2009.
BibTeX
@techreport{fpsafety-tr,
author = {Patrice Godefroid and Johannes Kinder},
title = {Proving Memory Safety of Floating-Point Computations by Combining Static and Dynamic Program Analysis},
number = {MSR-TR-2009-167},
year = {2009},
institution = {Microsoft Research},
month = {November}
}
Johannes Kinder, Helmut Veith, and Florian Zuleger. An Abstract Interpretation-Based Framework for Control Flow Reconstruction from Binaries. In Proc. 10th Int. Conf. Verification, Model Checking, and Abstract Interpretation (VMCAI), pp. 214–228, Springer, 2009.
BibTeX PDF
@inproceedings{vmcai09-cfr,
author = {Johannes Kinder and Helmut Veith and Florian Zuleger},
title = {An Abstract Interpretation-Based Framework for Control Flow Reconstruction from Binaries},
booktitle = {Proc. 10th Int. Conf. Verification, Model Checking, and Abstract Interpretation (VMCAI)},
series = {LNCS},
volume = {5403},
pages = {214--228},
publisher = {Springer},
year = {2009}
}
2008
Johannes Kinder and Helmut Veith. Jakstab: A Static Analysis Platform for Binaries. In Proc. 20th Int. Conf. Computer Aided Verification (CAV), pp. 423–427, Springer, 2008.
BibTeX PDF
@inproceedings{cav08-jakstab,
author = {Johannes Kinder and Helmut Veith},
title = {Jakstab: A Static Analysis Platform for Binaries},
booktitle = {Proc. 20th Int. Conf. Computer Aided Verification (CAV)},
series = {LNCS},
volume = {5123},
pages = {423--427},
publisher = {Springer},
year = {2008},
booktitleshort = {CAV}
}
2007
Mihai Christodorescu, Somesh Jha, Johannes Kinder, Stefan Katzenbeisser, and Helmut Veith. Software transformations to improve malware detection. J. Comput. Virol., 3(4):253–265, November 2007.
BibTeX PDF
@article{jicv07-malware-transform,
author = {Mihai Christodorescu and Somesh Jha and Johannes Kinder and Stefan Katzenbeisser and Helmut Veith},
title = {Software transformations to improve malware detection},
journal = {J. Comput. Virol.},
volume = {3},
number = {4},
pages = {253--265},
year = {2007},
doi = {10.1007/s11416-007-0059-8},
month = {November}
}
Andreas Holzer, Johannes Kinder, and Helmut Veith. Using Verification Technology to Specify and Detect Malware. In Proc. 11th Int. Conf. Computer Aided Systems Theory (EUROCAST), pp. 497–504, Springer, 2007.
BibTeX PDF
@inproceedings{eurocast07-symac,
author = {Andreas Holzer and Johannes Kinder and Helmut Veith},
title = {Using Verification Technology to Specify and Detect Malware},
booktitle = {Proc. 11th Int. Conf. Computer Aided Systems Theory (EUROCAST)},
series = {LNCS},
volume = {4739},
pages = {497--504},
publisher = {Springer},
year = {2007}
}
2005
Mihai Christodorescu, Johannes Kinder, Somesh Jha, Stefan Katzenbeisser, and Helmut Veith. Malware Normalization. Tech. rep. 1539, University of Wisconsin, November 2005.
BibTeX PDF
@techreport{malwarenorm,
author = {Mihai Christodorescu and Johannes Kinder and Somesh Jha and Stefan Katzenbeisser and Helmut Veith},
title = {Malware Normalization},
number = {1539},
address = {Madison, WI, USA},
year = {2005},
institution = {University of Wisconsin},
month = {November}
}
Johannes Kinder, Stefan Katzenbeisser, Christian Schallhart, and Helmut Veith. Detecting Malicious Code by Model Checking. In Second Int. Conf. Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), pp. 174–187, Springer, 2005.
BibTeX PDF
@inproceedings{dimva05-ctpl,
author = {Johannes Kinder and Stefan Katzenbeisser and Christian Schallhart and Helmut Veith},
title = {Detecting Malicious Code by Model Checking},
booktitle = {Second Int. Conf. Detection of Intrusions and Malware \& Vulnerability Assessment (DIMVA)},
series = {LNCS},
volume = {3548},
pages = {174--187},
publisher = {Springer},
year = {2005}
}
Johannes Kinder. Model Checking Malicious Code. M.Sc. Thesis, Technische Universität München, 2005.
BibTeX PDF
@thesis{da-kinder,
author = {Johannes Kinder},
title = {Model Checking Malicious Code},
year = {2005},
school = {Technische Universit{\"a}t M{\"u}nchen},
type = {MSc thesis}
}