TUM Logo

Paul Muntean

Dr. Paul Muntean

Alumni

E-Mail:
Swisscom, Cyber Security Solution Architect

PGP Key: public.asc

About

I am a Ph.D. candidate at the Chair for IT SecurityTechnical University of Munich (TUM) headed by Prof. Dr. Claudia Eckert. Previously, I received a M.Sc. degree in Computer Science from TUM, where I followed a study track focused on IT security. 

Research Interests

I am interested in static/dynamic source code and binary analysis in order to detect/harden/prevent advanced Code Reuse Attacks (CRAs) in applications developed in C/C++ and/or JavaScript. I am interested in preventing CRAs by using static code analysis. Previously, I did research in the area of integer and buffer overflow memory corruption detection and repair since these vulnerabilities (e.g., others: bad object casting, dangling pointers, object type confusion, etc.) are commonly (not always) the first step towards CRA. Finally, for more details about my research please see this.

Paper Citations

Teaching

Supervised Work

  • If you have a topic of mutual interest please contact me via E-Mail.

Completed Projects

 

Publications

2021   iTOP: Automating Counterfeit Object-Oriented Programming Attacks

Research in Attacks, Intrusions, and Defenses - 21st International Symposium, RAID 2021, San Sebastian, Spain, October 6-8, 2021, Proceedings

2020   ρFEM: Efficient Backward-edge Protection Using Reversed Forward-edge Mappings

Annual Computer Security Applications Conference (ACSAC), ACM, 2020

  IntRepair: Informed Repairing of Integer Overflows

International Conference on Software Engineering (ICSE), Journal First, ACM/IEEE

2019   Stack Overflow Considered Helpful! Deep Learning Security Nudges Towards Stronger Cryptography

28th USENIX Security Symposium (USENIX Security 19)

  Analyzing Control Flow Integrity with LLVM-CFI

Annual Computer Security Applications Conference (ACSAC), ACM, 2019.

  IntRepair: Informed Repairing of Integer Overflows

Transactions on Software Engineering (TSE), IEEE

2018   τCFI: Type-Assisted Control Flow Integrity for x86-64 Binaries.

Research in Attacks, Intrusions, and Defenses - 21st International Symposium, RAID 2018, Heraklion, Crete, Greece, September 10-12,2018, Proceedings

  CastSan: Efficient Detection of Polymorphic {C++} Object Type Confusions with {LLVM}

Computer Security - 23rd European Symposium on Research in Computer Security, {ESORICS} 2018, Barcelona, Spain, September 3-7, 2018, Proceedings, Part {I}

2016   POSTER: vTableShield: Precise Protecting of Virtual Function Dispatches in C++ Programs

Google Ph.D. Student Summit on Compiler & Programming Technology, Munich, Germany

2015   POSTER: Automated Generation of Buffer Overflow Quick Fixes using Symbolic Execution and SMT

TechDays Cyber Security Workshop, Munich, Germany

  Automated Generation of Buffer Overflows Quick Fixes using Symbolic Execution and SMT

International Conference on Computer Safety, Reliability & Security (SAFECOMP), Delft, The Netherlands, September 2015. Springer LNCS

  Automated Detection of Information Flow Vulnerabilities in UML State Charts and C Code

International Conference on Software Quality, Reliability and Security Companion (QRS-C), Vancouver, Canada

  POSTER: Automated Generation of Buffer Overflow Quick Fixes using Symbolic Execution and SMT

Security Network Munich and BICCnet Workshop, Munich, Germany

2014   Context-sensitive Detection of Information Exposure Bugs with Symbolic Execution

International Workshop on Innovative Software Development Methodologies and Practices (InnoSWDev), Hong Kong, China

2013   Powwow: A Tool for Collaborative Software Jam Sessions

International Conference on Advanced Collaborative Networks, Systems and Applications (COLLA), Nice, France

  A Framework for the Creation of Mobile Educational Games for Dyslexic Children

International Conference on Mobile Learning (ML), Lisbon, Portugal

2012   A Framework for Game Tuning

IADIS Game and Entertainment Techonologies (GET), Lisbon, Portugal

2010   Mobile Robot Navigation on Partially Known Maps using a Fast A* Algorithm Version

IEEE International Conference on Automation, Quality and Testing, Robotics (AQTR 2010), presented at the student session, not published