Daniel Andriesse

I’m a researcher at Intel, where my research areas include CPU glitching and taint tracking. I’m also studying Physics at the University of Amsterdam.

Before joining Intel, I was a postdoctoral researcher in the System and Network Security Group at Vrije Universiteit Amsterdam. I obtained my Ph.D. in Computer Science (cum laude) at Vrije Universiteit Amsterdam in June 2017 for my thesis entitled “Analyzing and Securing Binaries Through Static Disassembly,” winning the Roger Needham Ph.D. Award at EuroSys 2018, and the ACM SIGSAC Doctoral Dissertation Award at CCS 2018.

I was one of the main reverse engineers in the takedown of the GameOver Zeus peer-to-peer botnet (Operation Tovar), and I'm the author of Practical Binary Analysis. You can see my CV here.

Practical Binary Analysis

Available in English, Polish, Korean, Japanese, and Chinese (Mandarin). See the book website for more information.

Publications

Peer-Reviewed Papers

2020

M. Kurth, B. Gras, D. Andriesse, C. Giuffrida, H. Bos, and K. Razavi, “NetCAT: Practical Cache Attacks from the Network,” in Proceedings of the 41^st IEEE Symposium on Security and Privacy (S&P'20), (San Francisco, CA, USA), May 2020. PDF BibTeX
@inproceedings{netcat_sp2020, author = {Kurth, Michael and Gras, Ben and Andriesse, Dennis and Giuffrida, Cristiano and Bos, Herbert and Razavi, Kaveh}, title = {{NetCAT}: {Practical} {Cache} {Attacks} from the {Network}}, booktitle = {{Proceedings of the 41st IEEE Symposium on Security and Privacy (S\&P'20)}}, publisher = {{IEEE}}, address = {{San Francisco, CA, USA}}, month = {May}, year = {2020} } × « Download citation » « Close »

2019

A. Pawlowski, V. van der Veen, D. Andriesse, E. van der Kouwe, T. Holz, C. Giuffrida, and H. Bos, “VPS: Excavating High-Level C++ Constructs from Low-Level Binaries to Protect Dynamic Dispatching,” in Proceedings of the 35^th Annual Computer Security Applications Conference (ACSAC'19), (San Juan, PR, USA), December 2019. PDF BibTeX
@inproceedings{acsac2019, author = {A. Pawlowski and V. van der Veen and D. Andriesse and E. van der Kouwe and T. Holz and C. Giuffrida and H. Bos}, title = {{VPS: Excavating High-Level C++ Constructs from Low-Level Binaries to Protect Dynamic Dispatching}}, booktitle = {{Proceedings of the 2019 Annual Computer Security Applications Conference (ACSAC'19)}}, month = {December}, year = {2019} } × « Download citation » « Close »
E. van der Kouwe, G. Heiser, D. Andriesse, H. Bos, and C. Giuffrida, “SoK: Benchmarking Flaws in Systems Security,” in Proceedings of the 4^th IEEE European Symposium on Security and Privacy (EuroS&P'19), (Stockholm, Sweden), June 2019. PDF BibTeX
@inproceedings{benchcrimes-eurosp-2019, author = {Erik van der Kouwe and Gernot Heiser and Dennis Andriesse and Herbert Bos and Cristiano Giuffrida}, title = {{SoK: Benchmarking Flaws in Systems Security}}, booktitle = {{Proceedings of the 4th IEEE European Symposium on Security and Privacy (EuroS\&P'19)}}, publisher = {{IEEE}}, address = {{Stockholm, Sweden}}, month = {June}, year = {2019} } × « Download citation » « Close »

2018

F. de Goër, S. Rawat, D. Andriesse, H. Bos, and R. Groz, “Now You See Me: Real-time Dynamic Function Call Detection,” in Proceedings of the 2018 Annual Computer Security Applications Conference (ACSAC'18), (San Juan, Puerto Rico, USA), December 2018. PDF BibTeX Source
@inproceedings{acsac2018, author = {Franck de Go\"er and Sanjay Rawat and Dennis Andriesse and Herbert Bos and Roland Groz}, title = {{Now You See Me: Real-time Dynamic Function Call Detection}}, booktitle = {{Proceedings of the 2018 Annual Computer Security Applications Conference (ACSAC'18)}}, month = {December}, year = {2018} } × « Download citation » « Close »
R. K. Konoth, M. Oliverio, A. Tatar, D. Andriesse, H. Bos, C. Giuffrida, and K. Razavi, “ZebRAM: Comprehensive and Compatible Software Protection Against Rowhammer Attacks,” in Proceedings of the 13^th USENIX Symposium on Operating Systems Design and Implementation (OSDI'18), (Carlsbad, CA, USA), October 2018. PDF BibTeX
@inproceedings{osdi2018, author = {Radhesh Krishnan Konoth and Marco Oliverio and Andrei Tatar and Dennis Andriesse and Herbert Bos and Cristiano Giuffrida and Kaveh Razavi}, title = {{ZebRAM: Comprehensive and Compatible Software Protection Against Rowhammer Attacks}}, booktitle = {{Proceedings of the 13th USENIX Symposium on Operating Systems Design and Implementation (OSDI'18)}}, publisher = {{USENIX}}, address = {{Carlsbad, CA, USA}}, month = {October}, year = {2018} } × « Download citation » « Close »

2017

V. van der Veen, D. Andriesse, M. Stamatogiannakis, X. Chen, H. Bos, and C. Giuffrida, “The Dynamics of Innocent Flesh on the Bone: Code Reuse Ten Years Later,” in Proceedings of the 24^th Conference on Computer and Communications Security (CCS'17), (Dallas, TX, USA), October 2017. PDF BibTeX
@inproceedings{ccs2017, author = {Victor van der Veen and Dennis Andriesse and Manolis Stamatogiannakis and Xi Chen and Herbert Bos and Cristiano Giuffrida}, title = {{The Dynamics of Innocent Flesh on the Bone: Code Reuse Ten Years Later}}, booktitle = {{Proceedings of the 24th Conference on Computer and Communications Security (CCS'17)}}, publisher = {{ACM}}, address = {{Dallas, TX, USA}}, month = {October}, year = {2017} } × « Download citation » « Close »
D. Andriesse, A. Slowinska, and H. Bos, “Compiler-Agnostic Function Detection in Binaries,” in Proceedings of the 2^nd IEEE European Symposium on Security and Privacy (EuroS&P'17), (Paris, France), April 2017. (Best Paper Award) PDF BibTeX Source Slides
@inproceedings{andriesse-eurosp-2017, author = {Dennis Andriesse and Asia Slowinska and Herbert Bos}, title = {{Compiler-Agnostic Function Detection in Binaries}}, booktitle = {{Proceedings of the 2nd IEEE European Symposium on Security and Privacy (EuroS\&P'17)}}, publisher = {{IEEE}}, address = {{Paris, France}}, month = {April}, year = {2017} } × « Download citation » « Close »

2016

D. Andriesse, X. Chen, V. van der Veen, A. Slowinska, and H. Bos, “An In-Depth Analysis of Disassembly on Full-Scale x86/x64 Binaries,” in Proceedings of the 25^th USENIX Security Symposium (USENIX Sec'16), (Austin, TX, USA), August 2016. PDF BibTeX Data set (results and binaries) Data set (VM with credentials disasm/disasm) Slides
@inproceedings{andriesse-sec-2016, author = {Dennis Andriesse and Xi Chen and Victor {van der Veen} and Asia Slowinska and Herbert Bos}, title = {{An In-Depth Analysis of Disassembly on Full-Scale x86/x64 Binaries}}, booktitle = {{Proceedings of the 25th USENIX Security Symposium (USENIX Sec'16)}}, publisher = {{USENIX}}, address = {{Austin, TX, USA}}, month = {August}, year = {2016} } × « Download citation » « Close »

2015

D. Andriesse, V. van der Veen (joint first author), E. Göktaş, B. Gras, L. Sambuc, A. Slowinska, H. Bos, and C. Giuffrida, “Practical Context-Sensitive CFI,” in Proceedings of the 22^nd Conference on Computer and Communications Security (CCS'15), (Denver, CO, USA), ACM, October 2015. PDF BibTeX Source Slides
@inproceedings{andriesse-ccs-2015, author = {Dennis Andriesse and Victor {van der Veen} and Enes G{\"o}kta{\c s} and Ben Gras and Lionel Sambuc and Asia Slowinska and Herbert Bos and Cristiano Giuffrida}, title = {{Practical Context-Sensitive CFI}}, booktitle = {{Proceedings of the 22nd Conference on Computer and Communications Security (CCS'15)}}, publisher = {{ACM}}, address = {{Denver, CO, USA}}, month = {October}, year = {2015} } × « Download citation » « Close »
D. Andriesse, C. Rossow, and H. Bos, “Reliable Recon in Adversarial Peer-to-Peer Botnets,” in Proceedings of the 15^th Internet Measurement Conference (IMC'15), (Tokyo, Japan), ACM, October 2015. PDF BibTeX Addendum Slides
@inproceedings{andriesse-imc-2015, author = {Dennis Andriesse and Christian Rossow and Herbert Bos}, title = {{Reliable Recon in Adversarial Peer-to-Peer Botnets}}, booktitle = {{Proceedings of the 15th Internet Measurement Conference (IMC'15)}}, publisher = {ACM}, address = {Tokyo, Japan}, month = {October}, year = {2015} } × « Download citation » « Close »
D. Andriesse, H. Bos, and A. Slowinska, “Parallax: Implicit Code Integrity Verification Using Return-Oriented Programming,” in Proceedings of the 45^th Conference on Dependable Systems and Networks (DSN'15), (Rio de Janeiro, Brazil), IEEE Computer Society, June 2015. PDF BibTeX Slides
@inproceedings{andriesse-dsn-2015, author = {Dennis Andriesse and Herbert Bos and Asia Slowinska}, title = {{Parallax: Implicit Code Integrity Verification Using Return-Oriented Programming}}, booktitle = {{Proceedings of the 45th Conference on Dependable Systems and Networks (DSN'15)}}, publisher = {{IEEE Computer Society}}, address = {{Rio de Janeiro, Brazil}}, month = {June}, year = {2015}, } × « Download citation » « Close »
X. Chen, A. Slowinska, D. Andriesse, H. Bos, and C. Giuffrida, “StackArmor: Comprehensive Protection from Stack-Based Memory Error Vulnerabilities for Binaries,” in Proceedings of the Network and Distributed System Security Symposium (NDSS’15), (San Diego, CA, USA), Internet Society, February 2015. PDF BibTeX
@inproceedings{chen-ndss-2015, author = {Xi Chen and Asia Slowinska and Dennis Andriesse and Herbert Bos and Cristiano Giuffrida}, title = {{StackArmor: Comprehensive Protection from Stack-Based Memory Error Vulnerabilities for Binaries}}, booktitle = {{Proceedings of the Network and Distributed System Security Symposium (NDSS'15)}}, publisher = {{Internet Society}}, address = {{San Diego, CA, USA}}, month = {February}, year = {2015}, } × « Download citation » « Close »

2014

D. Andriesse and H. Bos, “Instruction-Level Steganography for Covert Trigger-Based Malware (Extended Abstract),” in Proceedings of the 11^th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA’14), (London, United Kingdom), Springer-Verlag, July 2014. PDF BibTeX Slides
@inproceedings{andriesse-dimva-2014, author = {Dennis Andriesse and Herbert Bos}, title = {{Instruction-Level Steganography for Covert Trigger-Based Malware}}, booktitle = {{Proceedings of the 11th Conference on Detection of Intrusions and Malware \& Vulnerability Assessment (DIMVA'14)}}, publisher = {{Springer-Verlag}}, address = {{London, United Kingdom}}, month = {July}, year = {2014}, } × « Download citation » « Close »

2013

D. Andriesse, C. Rossow, B. Stone-Gross, D. Plohmann, and H. Bos, “Highly Resilient Peer-to-Peer Botnets Are Here: An Analysis of Gameover Zeus,” in Proceedings of the 8^th IEEE International Conference on Malicious and Unwanted Software (MALWARE’13), (Fajardo, Puerto Rico, USA), IEEE Computer Society, October 2013. PDF BibTeX
@inproceedings{andriesse-malware-2013, author = {Dennis Andriesse and Christian Rossow and Brett {Stone-Gross} and Daniel Plohmann and Herbert Bos}, title = {{Highly Resilient Peer-to-Peer Botnets Are Here: An Analysis of Gameover Zeus}}, booktitle = {{Proceedings of the 8th IEEE International Conference on Malicious and Unwanted Software (MALWARE'13)}}, publisher = {{IEEE Computer Society}}, address = {{Fajardo, Puerto Rico, USA}}, month = {October}, year = {2013}, } × « Download citation » « Close »

Since the publication of our MALWARE’13 paper, P2P Zeus has seen several updates. Most notably, some recent variants use the DGA as the main C2 channel instead of the P2P proxy layer. For a technical reference, it is therefore best to refer to our periodically updated technical report.
C. Rossow, D. Andriesse, T. Werner, B. Stone-Gross, D. Plohmann, C. Dietrich, and H. Bos, “P2PWNED: Modeling and Evaluating the Resilience of Peer-to-Peer Botnets,” in Proceedings of the 34^th IEEE Symposium on Security and Privacy (S&P’13), (San Francisco, CA, USA), IEEE Computer Society, May 2013. PDF BibTeX
@inproceedings{rossow-oakland-2013, author = {Christian Rossow and Dennis Andriesse and Tillmann Werner and Brett {Stone-Gross} and Daniel Plohmann and Christian Dietrich and Herbert Bos}, title = {{P2PWNED: Modeling and Evaluating the Resilience of Peer-to-Peer Botnets}}, booktitle = {{Proceedings of the 34th IEEE Symposium on Security and Privacy (Oakland'13)}}, publisher = {{IEEE Computer Society}}, address = {{San Francisco, CA, USA}}, month = {May}, year = {2013}, } × « Download citation » « Close »

Preprints

E. van der Kouwe, D. Andriesse, H. Bos, C. Giuffrida and G. Heiser, “Benchmarking Crimes: An Emerging Threat in Systems Security,” Preprint (arXiv:1801.02381), January 2018. PDF BibTeX
@misc{benchcrimes-arxiv-1801.02381, author = {Erik van der Kouwe and Dennis Andriesse and Herbert Bos and Cristiano Giuffrida and Gernot Heiser}, title = {{Benchmarking Crimes: An Emerging Threat in Systems Security}}, year = {2018}, eprint = {arXiv:1801.02381}, } × « Download citation » « Close »

Technical Reports

D. Andriesse, C. Rossow and H. Bos, “Distributed Crawler Detection in Peer-to-Peer Botnets,” Technical Report IR-CS-77, VU University Amsterdam, October 2015. PDF BibTeX
@techreport{andriesse-crawlers-2015, author = {Dennis Andriesse and Christian Rossow and Herbert Bos}, title = {{Distributed Crawler Detection in Peer-to-Peer Botnets}}, institution = {{VU University Amsterdam}}, number = {{IR-CS-77}}, year = {2015}, month = {October}, } × « Download citation » « Close »
D. Andriesse and H. Bos, “An Analysis of the Zeus Peer-to-Peer Protocol,” Technical Report IR-CS-74, VU University Amsterdam, May 2013 (last revised April 2014). PDF BibTeX
@techreport{andriesse-zeus-2013, author = {Dennis Andriesse and Herbert Bos}, title = {{An Analysis of the Zeus Peer-to-Peer Protocol}}, institution = {{VU University Amsterdam}}, number = {{IR-CS-74}}, year = {2013}, month = {May}, } × « Download citation » « Close »

Theses

D. Andriesse, “Analyzing and Securing Binaries Through Static Disassembly,” Ph.D. thesis (promotor Herbert Bos and copromotor Asia Slowinska), Vrije Universiteit Amsterdam, June 2017. (Roger Needham Ph.D. Award, ACM SIGSAC Doctoral Dissertation Award) PDF Cover BibTeX
@phdthesis{andriesse-thesis-2017, author = {Dennis Andriesse}, title = {{Analyzing and Securing Binaries Through Static Disassembly}}, school = {{Vrije Universiteit Amsterdam}}, year = {2017}, month = {June} } × « Download citation » « Close »
D. Andriesse, “A Comparative Analysis of the Resilience of Peer-to-Peer Botnets,” M.Sc. thesis (advisors Herbert Bos and Christian Rossow), Vrije Universiteit Amsterdam, August 2012. PDF BibTeX
@mastersthesis{andriesse-thesis-2012, author = {Dennis Andriesse}, title = {{A Comparative Analysis of the Resilience of Peer-to-Peer Botnets}}, school = {{VU University Amsterdam}}, year = {2012}, month = {August}, type = {M.Sc. Thesis} } × « Download citation » « Close »
D. Andriesse, “Feasibility of the RFID Guardian as a Relay Attack Platform,” B.Sc. thesis (advisors Melanie Rieback and Rutger Hofman), Vrije Universiteit Amsterdam, June 2010. PDF BibTeX
@mastersthesis{andriesse-thesis-2010, author = {Dennis Andriesse}, title = {{Feasibility of the RFID Guardian as a relay attack platform}}, school = {{VU University Amsterdam}}, year = {2010}, month = {June}, type = {B.Sc. Thesis} } × « Download citation » « Close »

^*Note that much of my research was published as Dennis Andriesse.

Projects

PathArmor

PathArmor (published at CCS'15) is the first practical Context-sensitive Control-Flow Integrity (CFI) platform. Other CFI implementations track control transfers individually, leaving sufficient leeway for ROP attacks. Context-sensitive CFI improves security by validating control transfers to sensitive program states within the context of preceding edges, greatly reducing the number of exploitable program paths available to an attacker. The PathArmor proof of concept is available at https://github.com/dennisaa/patharmor.

git clone https://github.com/dennisaa/patharmor.git

Reviewing

RAID’24
PC member

WOOT’23
PC member

ACM TOPLAS
Reviewer (May’21)

BAR’20
PC member

IEEE Security&Privacy Magazine
Reviewer (Oct’19)

EuroS&P’19
PC member

CCS’18
PC member

WOOT’18
PC member

ACM Computing Surveys (CSUR)
Reviewer (July’18)

ICDCS’18
PC member (short track)

IEEE Security&Privacy Magazine
Reviewer (Aug’17)

Journal of Computer Security
Reviewer (May’17)

ASPLOS’17
External reviewer

MALCON’16
External reviewer