Paul Muntean
Dr. Paul Muntean
Alumni
E-Mail: | Paul Muntean |
Swisscom, Cyber Security Solution Architect |
PGP Key: public.asc
About
I am a Ph.D. candidate at the Chair for IT Security, Technical University of Munich (TUM) headed by Prof. Dr. Claudia Eckert. Previously, I received a M.Sc. degree in Computer Science from TUM, where I followed a study track focused on IT security.
Research Interests
I am interested in static/dynamic source code and binary analysis in order to detect/harden/prevent advanced Code Reuse Attacks (CRAs) in applications developed in C/C++ and/or JavaScript. I am interested in preventing CRAs by using static code analysis. Previously, I did research in the area of integer and buffer overflow memory corruption detection and repair since these vulnerabilities (e.g., others: bad object casting, dangling pointers, object type confusion, etc.) are commonly (not always) the first step towards CRA. Finally, for more details about my research please see this.
Paper Citations
Teaching
- Summer Semester 2018
- Winter Semester 2017 / 2018
- Seminar Control Flow Integrity based Security
- Seminar Common Security Flaws
- Summer semester 2017
- Exercises for lecture Secure mobile Systems
- Guest lecturer Ausgewählte Themen aus dem Bereich IT-Sicherheit
- Seminar Code Reuse Attacks and Defenses
- Proseminar Common Security Flaws
- Winter semester 2016 / 2017
- Exercises for lecture IT Security
- Assistance for lecture Grundlagen Betriebssysteme und Systemsoftware
- Guest lecturer Current Trends in IT Security
- Seminar Control Flow Integrity based Security
- Summer semester 2016
- Winter semester 2015 / 2016
- Assistance for lecture Grundlagen Betriebssysteme und Systemsoftware
- Seminar Security Bugs Fixing
- Summer semester 2015
- Seminar Security Bugs Fixing
- Seminar Security Bugs Fixing
- Winter semester 2012 / 2013
- Seminar Modern Assistive Devices
- Summer semester 2012
- Seminar Modern Assistive Devices
Supervised Work
- If you have a topic of mutual interest please contact me via E-Mail.
Completed Projects
- SiBase (completed)
Publications
2021 | iTOP: Automating Counterfeit Object-Oriented Programming Attacks
Research in Attacks, Intrusions, and Defenses - 21st International Symposium, RAID 2021, San Sebastian, Spain, October 6-8, 2021, Proceedings |
|
2020 | ρFEM: Efficient Backward-edge Protection Using Reversed Forward-edge Mappings
Annual Computer Security Applications Conference (ACSAC), ACM, 2020 |
|
IntRepair: Informed Repairing of Integer Overflows
International Conference on Software Engineering (ICSE), Journal First, ACM/IEEE |
||
2019 | Stack Overflow Considered Helpful! Deep Learning Security Nudges Towards Stronger Cryptography
28th USENIX Security Symposium (USENIX Security 19) |
|
Analyzing Control Flow Integrity with LLVM-CFI
Annual Computer Security Applications Conference (ACSAC), ACM, 2019. |
||
IntRepair: Informed Repairing of Integer Overflows
Transactions on Software Engineering (TSE), IEEE |
||
2018 | τCFI: Type-Assisted Control Flow Integrity for x86-64 Binaries.
Research in Attacks, Intrusions, and Defenses - 21st International Symposium, RAID 2018, Heraklion, Crete, Greece, September 10-12,2018, Proceedings |
|
CastSan: Efficient Detection of Polymorphic {C++} Object Type Confusions with {LLVM}
Computer Security - 23rd European Symposium on Research in Computer Security, {ESORICS} 2018, Barcelona, Spain, September 3-7, 2018, Proceedings, Part {I} |
||
2016 | POSTER: vTableShield: Precise Protecting of Virtual Function Dispatches in C++ Programs
Google Ph.D. Student Summit on Compiler & Programming Technology, Munich, Germany |
|
2015 | POSTER: Automated Generation of Buffer Overflow Quick Fixes using Symbolic Execution and SMT
TechDays Cyber Security Workshop, Munich, Germany |
|
Automated Generation of Buffer Overflows Quick Fixes using Symbolic Execution and SMT
International Conference on Computer Safety, Reliability & Security (SAFECOMP), Delft, The Netherlands, September 2015. Springer LNCS |
||
Automated Detection of Information Flow Vulnerabilities in UML State Charts and C Code
International Conference on Software Quality, Reliability and Security Companion (QRS-C), Vancouver, Canada |
||
POSTER: Automated Generation of Buffer Overflow Quick Fixes using Symbolic Execution and SMT
Security Network Munich and BICCnet Workshop, Munich, Germany |
||
2014 | Context-sensitive Detection of Information Exposure Bugs with Symbolic Execution
International Workshop on Innovative Software Development Methodologies and Practices (InnoSWDev), Hong Kong, China |
|
2013 | Powwow: A Tool for Collaborative Software Jam Sessions
International Conference on Advanced Collaborative Networks, Systems and Applications (COLLA), Nice, France |
|
A Framework for the Creation of Mobile Educational Games for Dyslexic Children
International Conference on Mobile Learning (ML), Lisbon, Portugal |
||
2012 | A Framework for Game Tuning
IADIS Game and Entertainment Techonologies (GET), Lisbon, Portugal |
|
2010 | Mobile Robot Navigation on Partially Known Maps using a Fast A* Algorithm Version
IEEE International Conference on Automation, Quality and Testing, Robotics (AQTR 2010), presented at the student session, not published |