Georgios Portokalidis

Schaefer School of Engineering & Science, Dept. of Computer Science, Stevens Institute of Technology, NJ, USA

E-mail: [email protected]

Homepage: http://www.cs.stevens.edu/~porto

Professional Experience

Stevens Institute of Technology, New Jersey, USA January 2013 - present Assistant of Computer Science

Columbia University, New York, USA March 2010 - December 2012 Postdoctoral researcher in the Network Security Lab (NSL)

NICTA, Sydney, Australia August 2008 Visiting researcher in the ERTOS group at the Neville Roach Lab (NRL)

Institute for Infocomm Research, Singapore May 2008 - July 2008 Visiting Researcher in the Internet Security Lab

Microsoft Research at Cambridge, UK April 2007 - June 2007 Intern

Intel Research at Cambridge, UK September 2004 - January 2005 Intern, working with the Xen hypervisor

Leiden University, The Netherlands September 2003 - July 2004 Research assistant, working on network monitoring (FFPF), and the open kernel environment (OKE)

Internet Hellas, Greece June 2001 - August 2001 Summer trainee, working on a mobile marketing platform

ATLANTIS group, Greece November 1999 - February 2002 Web and application developer, system administrator

UCnet University of Crete, Greece March 2000 - September 2000 Assistant system administrator

E.L.K.E. University of Crete, Greece December 1999 - February 2000 Assistant system administrator

Education

Ph.D. Computer Science, Vrije University, The Netherlands February 2010 Thesis title: “Using Virtualisation Against Zero-Day Attacks” Promoter: Henri Bal, Advisor: Herbert Bos

M.Sc. Computer Science, Leiden University, The Netherlands April 2005 Thesis title: “Zero Hour Worm Detection and Containment Using Honeypots” Advisor: Herbert Bos

B.Sc. Computer Science, University of Crete, Greece July 2002 Dissertation title: “Study and Bridging of Peer-to-Peer File Sharing Systems” Advisor: Evangelos P. Markatos

Grants and Awards

Co-PI, “MINESTRONE Task: Automatic Discovery of Rescue Points Using Static and Dynamic Analysis”, IARPA, $270,400 (September 2012 - November 2014)

Best paper award at the 6th International Workshop on Security (IWSEC2011), Tokyo, Japan, November 2011

Publications

Peer-reviewed Conferences and Workshops

Exploiting Split Browsers for Efficiently Protecting User Data To appear in the Proceedings of the ACM Cloud Computing Security Workshop (CCSW) Raleigh, NC, USA, October 2012

Adaptive Defenses for Commodity Software through Virtual Application Partitioning To appear in the Proceedings of the 19th ACM Conference on Computer and Communications Security (CCS) Raleigh, NC, USA, October 2012 (Acceptance rate: 18.9%)

kGuard: Lightweight Kernel Protection against Return-to-user Attacks In the Proceedings of the 21st USENIX Security Symposium Bellevue, WA, USA, August 2012 (Acceptance rate: 19.4%)

libdft: Practical Dynamic Data Flow Tracking for Commodity Systems Proceedings of the 8th International Conference on Virtual Execution Environments (VEE), UK, March 2012 (Acceptance rate: 17.8%)

A General Approach for Efficiently Accelerating Software-based Dynamic Data Flow Tracking on Commodity Hardware Proceedings of the 19th Annual Network & Distributed System Security Symposium (NDSS) San Diego, CA, USA, February, 2012 (Acceptance rate: 17.8%)

A Multilayer Overlay Network Architecture for Enhancing IP Services Availability Against DoS Proceedings of the 7th International Conference on Information Systems Security (ICISS) Kolkata, India, December 2011 (Acceptance rate: 22.8%)

REASSURE: A Self-contained Mechanism for Healing Software Using Rescue Points (Received best paper award) Proceedings of the 6th International Workshop on Security (IWSEC2011) Tokyo, Japan, November 2011

Taint-Exchange: a Practical System for Cross-process and Cross-host Taint Tracking Proceedings of the 6th International Workshop on Security (IWSEC2011) Tokyo, Japan, November 2011

Detecting Traffic Snooping in Tor Using Decoys Proceedings of the 14th International Symposium on Recent Advances in Intrusion Detection (RAID) Menlo Park, CA, USA, September 2011 (Acceptance rate: 23%)

Paranoid Android: Versatile Protection For Smartphones Proceedings of the 2010 Annual Computer Security Applications Conference (ACSAC) Austin, TX, USA, December 2010 (Acceptance rate: 17%)

Fast and Practical Instruction-Set Randomization for Commodity Systems Proceedings of the 2010 Annual Computer Security Applications Conference (ACSAC) Austin, TX, USA, December 2010 (Acceptance rate: 17%)

iLeak: A Lightweight System for Detecting Inadvertent Information Leaks Proceedings of the European Conference on Computer Network Defense (EC2ND) Berlin, Germany, October 2010

Eudaemon: Involuntary and On-Demand Emulation Against Zero-Day Exploits Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems Glasgow, Scotland, April 2008 (Acceptance rate: 18%)

Argos: Emulated Hardware Support to Fingerprint Zero-Day Attacks by Means of Dynamic Data Flow Analysis Proceedings of the 12th Annual Conference of the Advanced School for Computing and Imaging Belgium, 2006

Argos: an Emulator for Fingerprinting Zero-Day Attacks Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems Leuven, Belgium, April 2006 (Acceptance rate: 20%)

FFPF: Fairly Fast Packet Filters Proceedings of the 6th Symposium on Operating Systems Design & Implementation (OSDI) San Francisco, CA, USA, December 2004 (Acceptance rate: 14%)

Journals

SweetBait: Zero-Hour Worm Detection and Containment Using Low- and High-Interaction Honeypots Elsevier Computer Networks: The International Journal of Computer and Telecommunications Networking (Volume 51, Issue 5, Pages 1256-1274, April 2007)

Invited

Global ISR: Toward a Comprehensive Defense Against Unauthorized Code Execution Proceedings of the ARO Workshop on Moving Target Defense, Fairfax, VA, USA October 2010

Argos: Securing IP Communications Against Zero-Day Attacks Proceedings of NLUUG Unix Users Group Annual Conference, The Netherlands, 2006

Technical Reports

libdft: Practical Dynamic Data Flow Tracking for Commodity Systems Technical Report CUCS-044-11, Columbia University, New York, USA, October 2011

Protecting Smart Phones by Means of Execution Replication Technical Report IR-CS-054, Vrije Universiteit Amsterdam, September 2009

Multi-tier intrusion detection by means of replayable virtual machines Technical Report IR-CS-047, Vrije Universiteit Amsterdam, August 2008

Prospector: a Protocol-Specific Detector of Polymorphic Buffer Overflows Technical report IR-CS-023, Vrije Universiteit Amsterdam, June 2006

Argos: an x86 Emulator for Fingerprinting Zero-Day Attacks by Means of Dynamic Data Flow Analysis Technical report IR-CS-017, Vrije Universiteit Amsterdam, October 2005

SweetBait: Zero-Hour Worm Detection and Containment Using Honeypots Technical report IR-ICS-015, Vrije Universiteit Amsterdam, May 2005

Packet Monitoring at High Speed with FFPF Technical report 2004-01, LIACS, Leiden University, 2004

Study and Bridging of Peer-to-Peer File Sharing Systems Technical report 312, ICS-FORTH, Heraklion, Crete, Greece, October 2002

Invited Talks

Paranoid Android: Versatile Protection For Smartphones AT&T Security Research Center, New York, NY, USA, December 2011

Heavyweight Protection for Lightweight Devices Internet Research Group, Telefonica Research, Barcelona, Spain, May 2009

Argos: an Emulator for Fingerprinting Zero-Day Attacks Invited talk IBM Research, Zürich, Switzerland, July, 2006

Professional Activities

Program Committees

2012 Annual Computer Security Applications Conference (ACSAC28)

7th European Conference on Computer Network Defense (EC2ND 2011)

9th International Conference on Cryptology And Network Security (CANS 2010)

ACM EuroSys 2010 Conference (Shadow PC)

Ph.D. Thesis Committee Service

Asia Slowinska, “Using Information Flow Tracking to Protect Legacy Binaries”, Vrije Universiteit Amsterdam

Other

Chair, ICT-FORWARD panel on “Future Threats: Mobile Personal Devices”. In the context of the 2009 European Workshop on System Security (EUROSEC09)

Panelist, ICT-FORWARD panel on “Future and Emerging Threats in Information and Communication Technology Infrastructures”. In the context of the 2008 European Conference on Computer and Network Defense (EC2ND)

Teaching

Practical courses at Vrije Universiteit Spring 2006, 2007, 2009

Designed a practical course for teaching the basics of security to secondary school kids. The practical involves the use of a bootable DVD which runs Linux, and includes a set of developed tools that demonstrate how an Internet worm spreads, and enables the students to perform attacks in an isolated environment, as part of a “last man standing” game. The practical has been a success, and resulted in a deal to freely distribute the DVD in secondary schools in the Netherlands, in conjunction with a syllabus written by Prof. Herbert Bos.

Tutorial on Information Flow Tracking European Conference on Computer Network Defense (EC2ND), Dublin, Ireland, December 2008

Student Supervisions

Columbia University (co-supervised with Prof. Angelos Keromytis)

Sambuddho Chakravarty, PhD student. Expected graduation: June 2013

Kangkook Jee, PhD student. Expected graduation: June 2014

Vasileios P. Kemerlis, PhD student. Expected graduation: June 2014

Angelika Zavou, PhD student. Expected graduation: June 2013

Muhammad Ali Akbar, MSc Student. Graduated: January 2012

Vrije Universiteit (co-supervised with Prof. Herbert Bos)

Erik Bosman, MSc student. Graduated: July 2011 Thesis: “Minemu: protecting buggy programs from memory corruption attacks”

Remco Vermeulen, MSc student. Graduated: March 2011 Thesis: “Automated post-attack analysis of injected payload”

Auke Folkerts, MSc student. Graduated: September 2008 Thesis: “Deterministic Replay in the Argos Virtual Machine”

Popular Press

Niels Provos and Thorsten Holz have written a book about honeypots, “Virtual Honeypots: From Botnet Tracking to Intrusion Detection”, which discusses Argos in some detail.

Sam Stover writes about Argos in USENIX “;login:” (October 2007).

Bright magazine: Feature: “Labrats” (April 2006, Dutch, article about Argos).

Computable: Opsporing Verzocht (February 2006, Dutch, article about Argos).
