Refereed Publications

2018

[ACSAC] Reza Mirzazade Farkhani, Saman Jafari, Sajjad Arshad, William Robertson, Engin Kirda, and Hamed Okhravi, "On the Effectiveness of Type-based Control Flow Integrity," Proceedings of IEEE Annual Computer Security Applications Conference (ACSAC'18), Puerto Rico, USA, 2018
[PDF][BIB]

[CCS] Benjamin E. Ujcich, Samuel Jero, Anne Edmundson, Qi Wang, Richard Skowyra, James Landry, Adam Bates, William H. Sanders, Cristina Nita-Rotaru, Hamed Okhravi"Cross-App Poisoning in Software-Defined Networking," Proceedings of the 25th ACM Computer and Communications Security (CCS'18), Toronto, Canada, 2018
[PDF][BIB]

[IEEE SecDev] Ronald Gil, Hamed Okhravi, and Howard Shrobe, "There’s a Hole in the Bottom of the C:
On the Effectiveness of Allocation Protection," Proceedings of the IEEE Secure Development Conference (SecDev'18), Cambridge, MA, USA, 2018
[PDF][BIB]

[IEEE S&P] Timothy Vidas, Per Larsen, Hamed Okhravi, and Ahmad-Reza Sadeghi, "Changing the Game of Software Security," IEEE Security & Privacy, Mar/Apr, vol.16, no.2, pp.10-11, 2018
[PDF][BIB]

[DSN] Richard Skowyra, Lei Xu, Guofei Gu, Veer Dedhia, Thomas Hobson, Hamed Okhravi, and James Landry, "Effective Topology Tampering Attacks and Defenses in Software-Defined Networks, "Proceedings of 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'18), Luxembourg City, Luxembourg, June 2018
[PDF][BIB]

[ACM Book] Stephen Crane, Andrei Homescu, Per Larsen, Hamed Okhravi, Michael Franz, "Diversity and Information Leaks," In The Continuing Arms Race: Code-Reuse Attacks and Defenses, Book, ISBN: 978-1-97000-183-9, pp. 61-79, 2018
[PDF][BIB]


2017

[ACSAC] Richard Skowyra, Steven R. Gomez, David Bigelow, James Landry, and Hamed Okhravi, "QUASAR: Quantitative Attack Space Analysis and Reasoning," Proceedings of IEEE Annual Computer Security Applications Conference (ACSAC'17), Orlando, FL, 2017
[PDF][BIB]

[USENIX Security] Samuel Jero, William Koch, Richard Skowyra, Hamed Okhravi, Cristina Nita-Rotaru, and David Bigelow, "Identifier Binding Attacks and Defenses in Software-Defined Networks," Proceedings of the USENIX Security Symposium (USENIX'17), Vancouver, Canada, 2017
[PDF][BIB]

[RAID] Samuel Jero, Xiangyu Bu, Cristina Nita-Rotaru, Hamed Okhravi, and Sonia Fahmy, "BEADS: Automated Attack Discovery in OpenFlow-based SDN Systems," Proceedings of the Proceedings of the  International Symposium on Research in Attacks, Intrusions, and Defenses (RAID'17), Atlanta, GA, 2017
[PDF][BIB]

[NDSS]
Robert Rudd, Richard Skowyra, David Bigelow, Veer Dedhia, Thomas Hobson, Stephen Crane, Christopher Liebchen, Per Larsen, Lucas Davi, Michael Franz, Ahmad-Reza Sadeghi, and Hamed Okhravi, "Address-Oblivious Code Reuse: On the Effectiveness of Leakage Resilient Diversity," Proceedings of the Network and Distributed System Security Symposium (NDSS'17), San Diego, CA, 2017
[PDF][BIB]


2016

[LL Journal] Hamed Okhravi, William Streilein, and Kevin Bauer, "Moving Target Techniques: Leveraging Uncertainty for Cyber Defense," Lincoln Laboratory Journal, Special Issue on Cyber Security, Vol. 22, No. 1, 2016
[PDF][BIB]

[MTD] Richard Skowyra, Kevin Bauer, Veer Dedhia, and Hamed Okhravi, "Have No PHEAR: Networks Without Identifiers," Proceedings of the ACM CCS Workshop on Moving Target Defenses (MTD'16), 2016
[PDF][BIB]  


2015

[CCS] Isaac Evans, Fan Long, Ulziibayar Otgonbaatar, Howard Shrobe, Martin Rinard, Hamed Okhravi, and Stelios Sidiroglou-Douskos, "Control Jujutsu: On the Weaknesses of Fine-Grained Control Flow Integrity," Proceedings of the 22nd ACM Computer and Communications Security (CCS'15), Denver, CO, 2015
[PDF][BIB]

[CCS] David Bigelow, Thomas Hobson, Robert Rudd, William Streilein, and Hamed Okhravi, "Timely Rerandomization for Mitigating Memory Disclosures," Proceedings of the 22nd ACM Computer and Communications Security (CCS'15), Denver, CO, 2015
[PDF][BIB]

[Oakland] Isaac Evans, Samuel Fingeret, Julian Gonzalez, Ulziibayar Otgonbaatar, Tiffany Tang, Howard Shrobe, Stelios Sidiroglou-Douskos, Martin Rinard, and Hamed Okhravi, "Missing the Point(er): On the Effectiveness of Code Pointer Integrity," Proceedings of the 36th IEEE Symposium on Security and Privacy (Oakland'15), San Jose, CA, 2015
[PDF][BIB]

[HST] Paula Donovan,  Jeffrey McLamb, Hamed Okhravi, James Riordan, and Charles V. Wright. "Quantitative evaluation of moving target technology." In Technologies for Homeland Security (HST), 2015 IEEE International Symposium on, pp. 1-7. IEEE, 2015
[PDF][BIB]

[RWS] Kevin Bauer, Veer Dedhia, Richard Skowyra, William Streilein, Hamed Okhravi, "Multi-Variant Execution to Protect Unpatched Software," Resilience Week (RWS), 2015, 1-6
[PDF][BIB]


2014

[CCS] Jeff Seibert, Hamed Okhravi, and Eric Soderstrom, "Information Leaks Without Memory Disclosures: Remote Side Channel Attacks on Diversified Code," Proceedings of the 21st ACM Conference on Computer and Communications Security (CCS'14), Scottsdale, AZ, 2014
[PDF][BIB]

[MTD] Thomas Hobson, Hamed Okhravi, David Bigelow, Robert Rudd, and William Streilein, "On the Challenges of Effective Movement," Proceedings of the ACM CCS Workshop on Moving Target Defenses (MTD'14), 2014
[PDF][BIB]

[MTD] Kevin Carter, James Riordan, Hamed Okhravi, "A Game Theoretic Approach to Strategy Determination for Dynamic Platform Defenses," Proceedings of the ACM CCS Workshop on Moving Target Defenses (MTD'14), 2014
[PDF][BIB]  

[RAID] Hamed Okhravi, James Riordan, and Kevin Carter, "Quantitative Evaluation of Dynamic Platform Techniques as a Defensive Mechanism," Proceedings of the 17th International Symposium on Research in Attacks, Intrusions, and Defenses (RAID’14), Lecture Notes in Computer Science (LNCS), 2014
[PDF][BIB]
Recipient of Honorable Mention at the 2015 NSA's 3rd Annual Best Scientific Cybersecurity Paper Competition

[IEEE S&P] Hamed Okhravi, Thomas Hobson, David Bigelow, and William Streilein, "Finding Focus in the Blur of Moving Target Techniques," IEEE Security & Privacy, vol.12, no.2, pp.16-26, Mar.-Apr. 2014
[PDF][BIB]


2013

[RAID] Richard Skowyra, Kelly Casteel, Hamed Okhravi, and William Streilein, "Systematic Analysis of Defenses Against Return-Oriented Programming," Proceedings of the 16th International Symposium on Research in Attacks, Intrusions, and Defenses (RAID’13), Lecture Notes in Computer Science (LNCS), Vol. 8145, pp. 82-102, 2013
[PDF][BIB]


2012

[IJCIP] Hamed Okhravi, Adam Comella, Eric Robinson, and Joshua Haines, "Creating a Cyber Moving Target for Critical Infrastructure Applications Using Platform Diversity," Elsevier International Journal of Critical Infrastructure Protection (IJCIP), vol. 5, no. 1, 2012
[PDF][BIB]
One of the Most Cited IJCIP arcticles.


2011

[CODASPY] Sonia Jahid, Imranul Hoque, Carl Gunter, and Hamed Okhravi, "MyABDAC: Compiling XACML Policies for Attribute-Based Database Access Control," Proceedings of the First ACM Conference on Data and Application Security and Privacy (CODASPY'10), San Antonio, TX, Feb 21-23, 2011
[PDF][BIB]

[MILCOM] Hamed Okhravi, Andrew Johnson, Joshua Haines, Travis Mayberry, and Agnes Chan, "Dedicated vs. Distributed: A Study of Mission Survivability Metrics," Proceedings of the IEEE Military Communications Conference (MILCOM’11), Baltimore, MD, November, 2011
[PDF][BIB]

[IFIP CIP] Hamed Okhravi, Adam Comella, Eric I. Robinson, Stephen Yannalfo, Peter W. Michaleas, and Joshua Haines, "Creating a Cyber Moving Target for Critical Infrastructure Applications." Critical Infrastructure Protection V, J. Butts and S. Shenoi (Eds.), IFIP International Federation for Information Processing, Springer, 2011  
[PDF][BIB]

[High Frontier Journal] Hamed Okhravi, Joshua Haines, and Kyle Ingols, "Achieving Cyber Survivability in a Contested Environment Using a Cyber Moving Target," High Frontier Journal: The Journal for Space and Cyberspace Professionals, vol. 7, no. 3, 2011
[PDF][BIB]


2010

[HST] Hamed Okhravi, Stanley Bak, and Samuel T. King, "Design, Implementation and Evaluation of Covert Channel Attacks," Proceedings of the IEEE Conference on Homeland Security Technologies (IEEE HST'10),Wltham, MA , November 8 - 10, 2010
[PDF][BIB]

[SRCA] Hamed Okhravi, Eric I. Robinson, Adam Comella, Stephen Yannalfo, Peter W. Michaleas, and Joshua Haines, "TALENT: Dynamic Platform Heterogeneity for Cyber Survivability of Mission Critical Applications," Proceedings of Secure and Resilient Cyber Architecture Conference (SRCA'10), McLean, VA, October 29, 2010
[PDF][BIB]

[CSIIRW] Hamed Okhravi, Fredrick T. Sheldon, "Data diodes in support of trustworthy cyber infrastructure," Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research (CSIIRW'10), Oak Ridge, TN , April 21 -23, 2010
[PDF][BIB]

[IET] Stephen Bishop, Hamed Okhravi , Shahram Rahimi and Yung-Chuan Lee, "Covert-Channel Resistant Information Leakage Protection using a Multi-Agent Architecture," IET Information Security Special Issue on Multi-Agent & Distributed Information Security, vol. 4, no. 4, 2010
[PDF][BIB]


2009

[ACSAC] Hamed Okhravi and David M. Nicol, "TrustGraph: Trusted Graphics Subsystem for High Assurance Systems," Proceedings of IEEE Annual Computer Security Applications Conference (ACSAC'09), Honolulu, HI, December 2009
[PDF][BIB]

[SafeConfig] Hamed Okhravi, Ryan H. Kagin and David M. Nicol, "PolicyGlobe: A Framework for Integrating Network and Operating System Security Policies," Proceedings of ACM Workshop on Assurable & Usable Security Configuration (SafeConfig'09), Chicago, IL, November 2009 
[PDF][BIB]

[IA] Yung-Chuan Lee, Stephen Bishop, Hamed Okhravi and Shahram Rahimi, "Information Leakage Detection in Distributed Systems using Software Agent," Proceedings of IEEE Symposium on Intelligent Agents (IA'09), Nashvile, TN, March 2009 
[PDF][BIB]

[CCS Poster] Sonia Jahid, Imranul Hoque, Hamed Okhravi and Carl Gunter, "Enhancing Database Access Control with XACML Policy," Poster at 16th ACM Conference on Computer and Communications Security (CCS'09), 2009
[PDF][BIB]

[IJCIP] Hamed Okhravi and David Nicol, "Application of Trusted Network Technology to Industrial Control Networks," Elsevier International Journal of Critical Infrastructure Protection (IJCIP), Elsevier, Vol. 2, No. 3, 2009 
[PDF][BIB]

[ETRCS] Hamed Okhravi, Stephen Bishop, Shahram Rahimi and Yung-Chuan Lee, "A MA-based
System for Information Leakage Detection in Distributed Systems," Emerging Technologies, Robotics and Control Systems, Third Edition, June 2009 
[PDF][BIB]


2008

[IFIP CIP] Hamed Okhravi and David Nicol, "Chapter5: Applying Trusted Network Technology To Process Control Systems," Critical Infrastructure Protection II, E. Goetz and S. Shenoi (Eds.), International Federation for Information Processing (IFIP), Springer, Boston, ISBN: 978-0-387-88522-3, 2008 
[PDF][BIB]

[IJCI] Hamed Okhravi and David Nicol, Evaluation of Patch Management Strategies, International Journal of Computational Intelligence: Theory and Practice, Vol. 3, No. 2, Dec 2008 
[PDF][BIB]


2006

[NAPS] Matt Davis, Zeb Tate, Hamed Okhravi, Chris Grier, Tom J. Overbye, and David M. Nicol, SCADA Cyber Security Testbed Development, Proceedings of North American Power Symposium (NAPS'06), Carbondale, IL, pp. 483-488, September 2006 
[PDF][BIB]


2005

[WSC] David M. Nicol and Hamed Okhravi, Performance analysis of Binary Code Protection, Proceedings of Winter Simulation Conference (WSC'05), Orlando, FL, pp. 601-610, December 2005 
[PDF][BIB]

Other Publications

Theses Supervised

  1. Isaac Evans, Analysis of Defenses Against Code Reuse Attacks on Modern and New Architectures. Master of Engineering Thesis in Computer Science and Engineering, Massachusetts Institute of Technology, 2015
    [PDF][BIB]

  2. Ulziibayar Otgonbaatar, Evaluating Modern Defenses Against Control Flow Hijacking. Master of Engineering Thesis in Computer Science and Engineering, Massachusetts Institute of Technology, 2015
    [PDF][BIB]

  3. Eric Soderstrom, Analysis of Return Oriented Programming and Countermeasures. Master of Engineering Thesis in Computer Science and Engineering, Massachusetts Institute of Technology, 2014
    [PDF][BIB]

  4. Kelly Casteel, A Systematic Analysis of Defenses Against Code Reuse Attacks. Master of Engineering Thesis in Computer Science and Engineering, Massachusetts Institute of Technology, 2013
    [PDF][BIB]

Technical Reports

  1. Bryan Ward, Steven Gomez, Richard Skowyra, David Bigelow, Jason Martin, James Landry, and Hamed Okhravi, Survey of Cyber Moving Targets - Second Edition, Massachusetts Institute of Technology Lincoln Laboratory, Technical Report 1228, 2018
    [PDF][BIB]


  2. Hamed Okhravi, Mark Rabe, Travis Mayberry, William Leonard, Thomas Hobson, David Bigelow, and William Streilein. Survey of Cyber Moving Targets, Massachusetts Institute of Technology Lincoln Laboratory, Technical Report 1166, 2013
    [PDF][BIB]

Theses

  1. Hamed Okhravi. Trusted and High Assurance Systems. Ph.D. Dissertation, University of Illinois at Urbana Champaign, 2010
  2. [PDF][BIB]

  3. Hamed Okhravi. Security Policy Integration and Consistency Validation. M.S. Thesis, University of Illinois at Urbana Champaign,. M.S. Thesis, University of Illinois at Urbana Champaign, 2006
    [PDF][BIB]

  4. Hamed Okhravi. Design and Implementation of Network Control, Supervision, and Policy Management System with High Security Feature. B.Sc. Thesis, Sharif University of Technology, 2003