Dr.-Ing. Lucas Davi

Independent Claude Shannon Research Group Leader

Mornewegstrasse 32
D-64293 Darmstadt
GERMANY

Room: 4.1.10
Tel: +49 (0)6151 16 - 25337

Email: lucas.davi(a-t)crisp-da.de
Google Scholar: Link to Google Scholar Page

 

Lucas Davi has been the independent Claude Shannon research group leader of the Secure and Trustworthy Systems Group since October 2015.

Vita

Since 10/2015

Independent Claude Shannon Research Group Leader

Secure and Trustworthy Systems

Technische Universität Darmstadt

Center for Research in Security and Privacy (CRISP)

Intel Collaborative Research Institute for Secure Computing (ICRI-SC)

07/2015 - 10/2015

Post-Doctoral Researcher

System Security Lab (Prof. Ahmad-Reza Sadeghi)

Technische Universität Darmstadt

Center for Advanced Security Research Darmstadt (CASED)

Intel Collaborative Research Institute for Secure Computing (ICRI-SC)

06/2013 - 08/2013

Summer Internship at Intel Labs

Security Research Lab

Intel Corporation, Hillsboro, Oregon, USA

01/2011 - 07/2015

Research Assistant and PhD Student [PhD Thesis]

System Security Lab (Prof. Ahmad-Reza Sadeghi)

Technische Universität Darmstadt

Center for Advanced Security Research Darmstadt (CASED)

Intel Collaborative Research Institute for Secure Computing (ICRI-SC)

01/2010 - 12/2010

Research Assistant and PhD Student

System Security Lab (Prof. Ahmad-Reza Sadeghi)

Ruhr-Universität Bochum

Horst Görtz Institute for Security (HGI)

04/2007 - 12/2009

Master of Science IT-Security

Ruhr-Universität Bochum

Horst Görtz Institute for Security (HGI)

09/2003 - 01/2007

Diploma (FH) Business Informatics

Neuss University of Applied Science, Germany

09/2003 - 01/2006

Apprenticeship IT-Management Assistant

ThyssenKrupp Steel AG, Duisburg

2003

Abitur

Michael-Ende Gymnasium Tönisvorst

 

New Book

Lucas Davi and Ahmad-Reza Sadeghi
Building Secure Defenses Against Code-Reuse Attacks [Link]
SpringerBriefs in Computer Science, 2015

Awards and Recognition

Academic Activities

Program Committee Member

  • ASIACCS 2017 - 12th ACM Asia Conference on Computer and Communications Security
  • SPSM 2016 - 6th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices
  • ACSAC 2016 - 32nd Annual Computer Security Applications Conference
  • RAID 2016 - 19th International Symposium on Research in Attacks, Intrusions and Defenses
  • DIMVA 2016 - 13th International Conference on Detection of Intrusions and Malware & Vulnerability Assessment
  • EuroSec 2016 - 9th European Workshop on Systems Security
  • ICDCS 2016 - 36th IEEE International Conference on Distributed Computing Systems
  • ACNS 2016 - 14th International Conference on Applied Cryptography and Network Security
  • TrustED 2015 - 5th International Workshop on Trustworthy Embedded Devices
  • WOOT 2015 - 9th USENIX Workshop on Offensive Technologies
  • RAID 2015 - 18th International Symposium on Research in Attacks, Intrusions and Defenses
  • AReS - International Conference on Availability, Reliability and Security, 2012 - 2014

Publications Chair

  • SPSM 2013 - 3rd ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices

Local Organization Committee

  • CCS 2013 - 20th ACM Conference on Computer and Communications Security
  • ETISS 2011 - 6th European Trusted Infrastructure Summer School

Talks and Tutorials

  • Invited Talk at Workshop on Privacy-Aware Mobile Computing (PAMCO), 2016
    Paderborn, Germany
    Title: Protecting Mobile and Embedded Systems Software from Runtime Exploits
  • Tutorial at 53rd Design Automation Conference (DAC), 2016
    Austin, TX, USA
    Title: The Continuing Arms Race: A Journey in the World of Runtime Exploits and Defenses
  • Invited Talk at RuhrSec, 2016
    Bochum, Germany
    Title: On Securing Legacy Software Against Code-Reuse Attacks
  • Invited Talk in Computer Science Forum (CS Forum) at Aalto University, 2016
    Aalto University, Finland
    Title: The Continuing Arms Race in Memory: Return-Oriented Programming Attacks and Defenses
  • Full-Day Tutorial at Embedded Systems Week (ESWEEK), 2015
    Amsterdam, Netherlands
    Title: The Beast in Your Memory: Modern Exploitation Techniques and Defenses
  • Lecture at Summer School on Secure and Trustworthy Computing, 2015
    Bucharest, Romania
    Title: Modern Runtime Exploitation Techniques and Defenses
  • Lecture at International Summer School on Smart & Mobile Device Security and Privacy (SMDSP), 2014
    Padova, Italy
    Title: Modern Runtime Attacks and Defenses, Slides: [PDF]
  • Intel Workshop on Cyberphysical and Mobile Security, 2014
    Darmstadt, Germany
    Title: The Beast is Resting in Your Memory
  • Talk at 16th BlackHat USA, 2013
    Las Vegas, USA
    Title: Just-In-Time Code Reuse: The more things change, the more they stay the same
    Slides: [PDF], recorded talk available on YouTube
  • Lecture at 5th European Trusted Infrastructure Summer School (ETISS), 2010
    Royal Holloway University of London, GB
    Title: Return-oriented Programming: How to Perform Arbitrary Computation Without Code Injection

Supervised Students

  • Christopher Liebchen, Master Thesis (November 2014)
    Title: Software Diversity: Attacks and Defenses
    The results of this thesis have been published at NDSS 2015
  • Daniel Lehmann, Bachelor Thesis (May 2014)
    Title: On the Effectiveness of Coarse-Grained Control-Flow Integrity
    The results of this thesis have been published at USENIX Security 2014 & Blackhat USA 2014
  • Tim Werthmann, Master Thesis (March 2012)
    at Ruhr-Universität Bochum co-supervised with Ralf Hund, Prof. Thorsten Holz
    Title: Design and Implementation of a Policy Enforcement Scheme for iOS
    The results of this thesis have been awarded with the Distinguished Paper Award at ASIACCS 2013

Publications

2016

C-FLAT: Control-Flow Attestation for Embedded Systems Software

Tigist Abera, Nadarajah Asokan, Lucas Davi, Jan-Erik Ekberg, Thomas Nyman, Andrew Paverd, Ahmad-Reza Sadeghi, Gene Tsudik
In: 23rd ACM Conference on Computer and Communications Security (CCS), October 2016
[Inproceedings]

SandScout: Automatic Detection of Flaws in iOS Sandbox Profiles

Luke Deshotels, Razvan Deaconescu, Mihai Chiroiu, Lucas Davi, William Enck, Ahmad-Reza Sadeghi
In: 23rd ACM Conference on Computer and Communications Security (CCS), October 2016
[Inproceedings]

Strategy Without Tactics: Policy-Agnostic Hardware-Enhanced Control-Flow Integrity

Dean Sullivan, Orlando Arias, Lucas Davi, Per Larsen, Ahmad-Reza Sadeghi, Yier Jin
In: 53rd Design Automation Conference (DAC), June 2016
[Inproceedings]

Things, Trouble, Trust: On Building Trust in IoT Systems

Tigist Abera, Nadarajah Asokan, Lucas Davi, Farinaz Koushanfar, Andrew Paverd, Gene Tsudik, Ahmad-Reza Sadeghi
In: 53rd Design Automation Conference (DAC), June 2016
[Inproceedings]

Subversive-C: Abusing and Protecting Dynamic Message Dispatch

Julian Lettner, Benjamin Kollenda, Andrei Homescu, Per Larsen, Felix Schuster, Lucas Davi, Ahmad-Reza Sadeghi, Thorsten Holz, Michael Franz
In: USENIX Annual Technical Conference (ATC), June 2016
[Inproceedings]

The Cybersecurity Landscape in Industrial Control Systems

Stephen McLaughlin, Charalambos Konstantinou, Xueyang Wang, Lucas Davi, Ahmad-Reza Sadeghi, Michail Maniatakos, Ramesh Karri
In: Proceedings of the IEEE, Vol. PP, March 2016
[Online-Edition: http://ieeexplore.ieee.org/xpl/articleDetails.jsp?tp=&arnumber=7434576]
[Article]

Leakage-Resilient Layout Randomization for Mobile Devices

Kjell Braden, Stephen Crane, Lucas Davi, Michael Franz, Per Larsen, Christopher Liebchen, Ahmad-Reza Sadeghi
In: 23rd Annual Network & Distributed System Security Symposium (NDSS), February 2016
[Inproceedings]

2015

Building Secure Defenses Against Code-Reuse Attacks

Lucas Davi, Ahmad-Reza Sadeghi
December 2015
Springer International Publishing
[Online-Edition: http://www.springer.com/en/book/9783319255446]
[Book]

Automated Software Diversity

Per Larsen, Stefan Brunthaler, Lucas Davi, Ahmad-Reza Sadeghi, Michael Franz
In: Synthesis Lectures on Information Security, Privacy, and Trust, December 2015
Morgan & Claypool
[Book]

Losing Control: On the Effectiveness of Control-Flow Integrity under Stack Attacks

Mauro Conti, Stephen Crane, Lucas Davi, Michael Franz, Per Larsen, Christopher Liebchen, Marco Negro, Mohaned Qunaibit, Ahmad-Reza Sadeghi
In: 22nd ACM Conference on Computer and Communications Security (CCS), October 2015
[Inproceedings]

It's a TRAP: Table Randomization and Protection against Function Reuse Attacks

Stephen Crane, Stijn Volckaert, Felix Schuster, Christopher Liebchen, Per Larsen, Lucas Davi, Ahmad-Reza Sadeghi, Thorsten Holz, Bjorn De Sutter, Michael Franz
In: 22nd ACM Conference on Computer and Communications Security (CCS), October 2015
[Inproceedings]

Return to Where? You Can't Exploit What You Can't Find

Stephen Crane, Christopher Liebchen, Andrei Homescu, Lucas Davi, Per Larsen, Ahmad-Reza Sadeghi, Stefan Brunthaler, Michael Franz
In: Blackhat USA, August 2015
[Inproceedings]

HAFIX: Hardware-Assisted Flow Integrity Extension

Orlando Arias, Lucas Davi, Matthias Hanreich, Yier Jin, Patrick Koeberl, Debayan Paul, Ahmad-Reza Sadeghi, Dean Sullivan
In: 52nd Design Automation Conference (DAC), June 2015
[Inproceedings]

Readactor: Practical Code Randomization Resilient to Memory Disclosure

Stephen Crane, Christopher Liebchen, Andrei Homescu, Lucas Davi, Per Larsen, Ahmad-Reza Sadeghi, Stefan Brunthaler, Michael Franz
In: 36th IEEE Symposium on Security and Privacy (Oakland), May 2015
[Inproceedings]

Counterfeit Object-oriented Programming: On the Difficulty of Preventing Code Reuse Attacks in C++ Applications

Felix Schuster, Thomas Tendyck, Christopher Liebchen, Lucas Davi, Ahmad-Reza Sadeghi, Thorsten Holz
In: 36th IEEE Symposium on Security and Privacy (Oakland), May 2015
[Inproceedings]

XiOS: Extended Application Sandboxing on iOS

Mihai Bucicoiu, Lucas Davi, Razvan Deaconescu, Ahmad-Reza Sadeghi
In: 10th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2015), April 2015
[Inproceedings]

Isomeron: Code Randomization Resilient to (Just-In-Time) Return-Oriented Programming

Lucas Davi, Christopher Liebchen, Ahmad-Reza Sadeghi, Kevin Snow, Fabian Monrose
In: 22nd Annual Network & Distributed System Security Symposium (NDSS), February 2015
[Inproceedings]

Securing Legacy Software against Real-World Code-Reuse Exploits: Utopia, Alchemy, or Possible Future? - Keynote -

Ahmad-Reza Sadeghi, Lucas Davi, Per Larsen
In: 10th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2015), 2015
[Inproceedings]

2014

Stitching the Gadgets: On the Ineffectiveness of Coarse-Grained Control-Flow Integrity Protection

Lucas Davi, Daniel Lehmann, Ahmad-Reza Sadeghi, Fabian Monrose
In: 23rd USENIX Security Symposium, August 2014
[Inproceedings]

The Beast is in Your Memory: Return-Oriented Programming Attacks Against Modern Control-Flow Integrity Protection Techniques

Lucas Davi, Daniel Lehmann, Ahmad-Reza Sadeghi
In: BlackHat USA, August 2014
[Inproceedings]

Hardware-Assisted Fine-Grained Control-Flow Integrity: Towards Efficient Protection of Embedded Systems Against Software Exploitation

Lucas Davi, Patrick Koeberl, Ahmad-Reza Sadeghi
In: 51st Design Automation Conference (DAC) - Special Session: Trusted Mobile Embedded Computing, June 2014
[Inproceedings]

Stitching the Gadgets: On the Ineffectiveness of Coarse-Grained Control-Flow Integrity Protection

Lucas Davi, Daniel Lehmann, Ahmad-Reza Sadeghi, Fabian Monrose
April 2014
[Techreport]

2013

Mobile Platform Security

Nadarajah Asokan, Lucas Davi, Alexandra Dmitrienko, Stephan Heuser, Kari Kostiainen, Elena Reshetova, Ahmad-Reza Sadeghi
In: Synthesis Lectures on Information Security, Privacy, and Trust, Vol. 4, December 2013
Morgan & Claypool
[Online-Edition: http://www.morganclaypool.com/doi/abs/10.2200/S00555ED1V01Y201312SPT009]
[Book]

Check My Profile: Leveraging Static Analysis for Fast and Accurate Detection of ROP Gadgets

Blaine Stancill, Kevin Snow, Nathan Otterness, Fabian Monrose, Lucas Davi, Ahmad-Reza Sadeghi
In: 16th Research in Attacks, Intrusions and Defenses (RAID) Symposium, October 2013
[Inproceedings]

Just-In-Time Code Reuse: the More Things Change, the More They Stay the Same

Kevin Snow, Lucas Davi, Alexandra Dmitrienko, Christopher Liebchen, Fabian Monrose, Ahmad-Reza Sadeghi
In: BlackHat USA, August 2013
[Inproceedings]

Just-In-Time Code Reuse: On the Effectiveness of Fine-Grained Address Space Layout Randomization (Best Student Paper Award)

Kevin Snow, Lucas Davi, Alexandra Dmitrienko, Christopher Liebchen, Fabian Monrose, Ahmad-Reza Sadeghi
In: 34th IEEE Symposium on Security and Privacy (Oakland 2013), May 2013
[Inproceedings]

Gadge Me If You Can - Secure and Efficient Ad-hoc Instruction-Level Randomization for x86 and ARM

Lucas Davi, Alexandra Dmitrienko, Stefan Nürnberger, Ahmad-Reza Sadeghi
In: 8th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2013), May 2013
[Inproceedings]

PSiOS: Bring Your Own Privacy & Security to iOS Devices (Distinguished Paper Award)

Tim Werthmann, Ralf Hund, Lucas Davi, Ahmad-Reza Sadeghi, Thorsten Holz
In: 8th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2013), 2013
[Inproceedings]

2012

Over-the-air Cross-Platform Infection for Breaking mTAN-based Online Banking Authentication

Lucas Davi, Alexandra Dmitrienko, Christopher Liebchen, Ahmad-Reza Sadeghi
In: BlackHat Abu Dhabi, December 2012
[Inproceedings]

XIFER: A Software Diversity Tool Against Code-Reuse Attacks

Lucas Davi, Alexandra Dmitrienko, Stefan Nürnberger, Ahmad-Reza Sadeghi
In: 4th ACM International Workshop on Wireless of the Students, by the Students, for the Students (S3 2012), August 2012
[Inproceedings]

MoCFI: A Framework to Mitigate Control-Flow Attacks on Smartphones

Lucas Davi, Alexandra Dmitrienko, Manuel Egele, Thomas Fischer, Thorsten Holz, Ralf Hund, Stefan Nürnberger, Ahmad-Reza Sadeghi
In: 19th Annual Network & Distributed System Security Symposium (NDSS), February 2012
[Inproceedings]

Towards Taming Privilege-Escalation Attacks on Android

Sven Bugiel, Lucas Davi, Alexandra Dmitrienko, Thomas Fischer, Ahmad-Reza Sadeghi, Bhargava Shastry
In: 19th Annual Network & Distributed System Security Symposium (NDSS), February 2012
[Inproceedings]

2011

POSTER: Control-Flow Integrity for Smartphones

Lucas Davi, Alexandra Dmitrienko, Manuel Egele, Thomas Fischer, Thorsten Holz, Ralf Hund, Stefan Nürnberger, Ahmad-Reza Sadeghi
In: 18th ACM Conference on Computer and Communications Security (CCS'11), October 2011
ACM
[Inproceedings]

POSTER: The Quest for Security against Privilege Escalation Attacks on Android

Sven Bugiel, Lucas Davi, Alexandra Dmitrienko, Thomas Fischer, Ahmad-Reza Sadeghi, Bhargava Shastry
In: 18th ACM Conference on Computer and Communications Security (CCS'11), October 2011
ACM
[Inproceedings]

Scalable Trust Establishment with Software Reputation

Sven Bugiel, Lucas Davi, Steffen Schulz
In: Workshop on Scalable Trusted Computing (STC), October 2011
ACM Press
[Online-Edition: https://freeside.trust.cased.de/apt-sec/]
[Inproceedings]

Trusted Virtual Domains on OKL4: Secure Information Sharing on Smartphones

Lucas Davi, Alexandra Dmitrienko, Christoph Kowalski, Marcel Winandy
In: Proceedings of the 6th ACM Workshop on Scalable Trusted Computing (STC), October 2011
ACM Press
[Inproceedings]

Practical and Lightweight Domain Isolation on Android

Sven Bugiel, Lucas Davi, Alexandra Dmitrienko, Stephan Heuser, Ahmad-Reza Sadeghi, Bhargava Shastry
In: Proceedings of the 1st ACM CCS Workshop on Security and Privacy in Mobile Devices (SPSM), October 2011
ACM Press
[Inproceedings]

XManDroid: A New Android Evolution to Mitigate Privilege Escalation Attacks

Sven Bugiel, Lucas Davi, Alexandra Dmitrienko, Thomas Fischer, Ahmad-Reza Sadeghi
April 2011
[Techreport]

ROPdefender: A Detection Tool to Defend Against Return-Oriented Programming Attacks

Lucas Davi, Ahmad-Reza Sadeghi, Marcel Winandy
In: 6th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2011), March 2011
[Inproceedings]

2010

Return-Oriented Programming without Returns

Stephen Checkoway, Lucas Davi, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, Hovav Shacham, Marcel Winandy
In: Proceedings of the 17th ACM conference on Computer and communications security, p. 559-572, October 2010
ACM
[Online-Edition: http://doi.acm.org/10.1145/1866307.1866370]
[Inproceedings]

Privilege Escalation Attacks on Android

Lucas Davi, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, Marcel Winandy
In: ISC 2010: Proceedings of the 13th Information Security Conference, October 2010
[Inproceedings]

Return-Oriented Programming without Returns on ARM

Lucas Davi, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, Marcel Winandy
July 2010
[Techreport]

ROPdefender: A Detection Tool to Defend Against Return-Oriented Programming Attacks

Lucas Davi, Ahmad-Reza Sadeghi, Marcel Winandy
March 2010
[Techreport]

2009

Dynamic integrity measurement and attestation: towards defense against return-oriented programming attacks

Lucas Davi, Ahmad-Reza Sadeghi, Marcel Winandy
In: Proceedings of the 2009 ACM workshop on Scalable trusted computing, p. 49-54, September 2009
ACM
[Online-Edition: http://doi.acm.org/10.1145/1655108.1655117]
[Inproceedings]