Refereed Publications
Stats
12
Top-Tier
[Oakland, CCS, USENIX Security, NDSS]
12
Tier-2
[ACSAC, RAID, ESORICS, DSN, ASIACCS]
34
Other Venues
2022
[NDSS] Samuel Mergendahl,
Nathan Burow, and
Hamed Okhravi, "Cross-Language Attacks," Proceedings of the Network and Distributed System
Security Symposium (NDSS'22), San Diego, CA, 2022
[NDSS] Derrick McKee, Yianni Giannaris, Carolina Ortega, Howard Shrobe, Mathias Payer, Hamed Okhravi, and Nathan Burow, "Preventing Kernel Hacks with HAKC," Proceedings of the Network and Distributed System Security Symposium (NDSS'22), San Diego, CA, 2022
[NDSS] Derrick McKee, Yianni Giannaris, Carolina Ortega, Howard Shrobe, Mathias Payer, Hamed Okhravi, and Nathan Burow, "Preventing Kernel Hacks with HAKC," Proceedings of the Network and Distributed System Security Symposium (NDSS'22), San Diego, CA, 2022
2021
[ACSAC] Elijah Rivera, Samuel Mergendahl, Howard Shrobe,
Hamed Okhravi, and Nathan Burow, "Keep
Safe Rust Safe with Galeed
," Proceedings of the Annual Computer Security Applications Conference
(ACSAC'21), December 2021
![[PDF]](img/pdf.png)
![[BIB]](img/bib.png)
[RTSS] Claire Nord, Shai Caspin, Catherine Nemitz, Howard Shrobe, Hamed Okhravi, Jim Anderson, Nathan Burow and Bryan Ward, "TORTIS: Retry-Free Software Transactional Memory for Real-Time Systems," Proceedings of the IEEE Real-Time Systems Symposium (RTSS'21), December 2021
Outstanding Paper Award
[USENIX Security] Benjamin E. Ujcich and Samuel Jero and Richard Skowyra and Adam Bates and William H. Sanders and Hamed Okhravi, "Causal Analysis for Software-Defined Networking Attacks," Proceedings of the USENIX Security Symposium (USENIX'21), August 2021
[IEEE S&P] Hamed Okhravi, "A Cybersecurity Moonshot," IEEE Security & Privacy, Vol. 19, No. 3., May/June, 2021
[IEEE S&P] Amy Dettmer, Hamed Okhravi, Kevin Perry, Nabil Schear, Richard Shay, Mary Ellen Zurko, and Paula Donovan, "Lessons Learned From Designing a Security Architecture for Real-World Government Agencies," IEEE Security & Privacy, Vol. 19, No. 4., July/August, 2021
[ASIACCS] Chad Spensky, Aravind Machiry, Nilo Redini, Colin Unger, Graham Foster, Evan Blasband, Hamed Okhravi, Christopher Kruegel, and Giovanni Vigna, "Conware: Automated Modeling of Hardware Peripherals," Proceedings of ACM ASIA Conference on Computer and Communications Security (ASIACCS'21), Hong Kong, China, 2021
[DSN] Chad Spensky, Aravind Machiry, Nathan Burow, Hamed Okhravi, Rick Housley, Zhongshu Gu, Hani Jamjoom, Christopher Kruegel, and Giovanni Vigna, "Glitching Demystified: Analyzing Control-flow-based Glitching Attacks and Defenses," Proceedings of 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'21), Taipei, Taiwan, June 2021
[IEEE S&P] Sean Peisert, Bruce Schneier, Hamed Okhravi, Fabio Massacci, Terry Benzel, Carl Landwehr, Mohammad Mannan, Jelena Mirkovic, Atul Prakash, and James Bret Michael, "Perspectives on the SolarWinds Incident," IEEE Security & Privacy, Vol. 19, No. 4., July/August, 2021
[NDSS] Leila Rashidi, Daniel Kostecki, Alexander James, Anthony Peterson, Majid Ghaderi, Samuel Jero, Cristina Nita-Rotaru, Hamed Okhravi, and Reihaneh Safavi-Naini, "More than a Fair Share: Network Data Remanence Attacks against Secret Sharing-based Schemes," Proceedings of the Network and Distributed System Security Symposium (NDSS'21), San Diego, CA, 2021
[RTSS] Claire Nord, Shai Caspin, Catherine Nemitz, Howard Shrobe, Hamed Okhravi, Jim Anderson, Nathan Burow and Bryan Ward, "TORTIS: Retry-Free Software Transactional Memory for Real-Time Systems," Proceedings of the IEEE Real-Time Systems Symposium (RTSS'21), December 2021
Outstanding Paper Award
[USENIX Security] Benjamin E. Ujcich and Samuel Jero and Richard Skowyra and Adam Bates and William H. Sanders and Hamed Okhravi, "Causal Analysis for Software-Defined Networking Attacks," Proceedings of the USENIX Security Symposium (USENIX'21), August 2021
[IEEE S&P] Hamed Okhravi, "A Cybersecurity Moonshot," IEEE Security & Privacy, Vol. 19, No. 3., May/June, 2021
[IEEE S&P] Amy Dettmer, Hamed Okhravi, Kevin Perry, Nabil Schear, Richard Shay, Mary Ellen Zurko, and Paula Donovan, "Lessons Learned From Designing a Security Architecture for Real-World Government Agencies," IEEE Security & Privacy, Vol. 19, No. 4., July/August, 2021
[ASIACCS] Chad Spensky, Aravind Machiry, Nilo Redini, Colin Unger, Graham Foster, Evan Blasband, Hamed Okhravi, Christopher Kruegel, and Giovanni Vigna, "Conware: Automated Modeling of Hardware Peripherals," Proceedings of ACM ASIA Conference on Computer and Communications Security (ASIACCS'21), Hong Kong, China, 2021
[DSN] Chad Spensky, Aravind Machiry, Nathan Burow, Hamed Okhravi, Rick Housley, Zhongshu Gu, Hani Jamjoom, Christopher Kruegel, and Giovanni Vigna, "Glitching Demystified: Analyzing Control-flow-based Glitching Attacks and Defenses," Proceedings of 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'21), Taipei, Taiwan, June 2021
[IEEE S&P] Sean Peisert, Bruce Schneier, Hamed Okhravi, Fabio Massacci, Terry Benzel, Carl Landwehr, Mohammad Mannan, Jelena Mirkovic, Atul Prakash, and James Bret Michael, "Perspectives on the SolarWinds Incident," IEEE Security & Privacy, Vol. 19, No. 4., July/August, 2021
[NDSS] Leila Rashidi, Daniel Kostecki, Alexander James, Anthony Peterson, Majid Ghaderi, Samuel Jero, Cristina Nita-Rotaru, Hamed Okhravi, and Reihaneh Safavi-Naini, "More than a Fair Share: Network Data Remanence Attacks against Secret Sharing-based Schemes," Proceedings of the Network and Distributed System Security Symposium (NDSS'21), San Diego, CA, 2021
2020
[IEEE S&P] Hamed
Okhravi, Nathan Burow, Richard Skowyra, Bryan Ward, Samuel Jero, Roger Khazan, and Howard Shrobe, "One Giant Leap for Computer Security,"
IEEE Security & Privacy, Vol. 18, No. 4., July/August, 2020
[NDSS] Benjamin E. Ujcich, Samuel Jero, Richard Skowyra, Steven R. Gomez, Adam Bates, William H. Sanders, and Hamed Okhravi, "Automated Discovery of Cross-Plane Event-Based Vulnerabilities in Software-Defined NetworkingAutomated Discovery of Cross-Plane Event-Based Vulnerabilities in Software-Defined Networking", Proceedings of the Network and Distributed System Security Symposium (NDSS'20), San Diego, CA, 2020
[NDSS] Benjamin E. Ujcich, Samuel Jero, Richard Skowyra, Steven R. Gomez, Adam Bates, William H. Sanders, and Hamed Okhravi, "Automated Discovery of Cross-Plane Event-Based Vulnerabilities in Software-Defined NetworkingAutomated Discovery of Cross-Plane Event-Based Vulnerabilities in Software-Defined Networking", Proceedings of the Network and Distributed System Security Symposium (NDSS'20), San Diego, CA, 2020
2019
[ESORICS] Bryan Ward, Richard Skowyra,
Chad Spensky, Jason Martin, and Hamed
Okhravi, "The Leakage-Resilience Dilemma,"
Proceedings of the 24th European Symposium on Research in Computer Security (ESORICS), Luxembourg, Sep, 2019
[ECRTS] Robert Walls, Nicholas Brown, Thomas Le Baron, Craig Shue, Hamed Okhravi, and Bryan Ward, "Control-Flow Integrity for Real-Time Embedded Systems," Proceedings of the 24th European Symposium on Research in Computer Security (ESORICS), Luxembourg, Sep, 2019
[ECRTS] Robert Walls, Nicholas Brown, Thomas Le Baron, Craig Shue, Hamed Okhravi, and Bryan Ward, "Control-Flow Integrity for Real-Time Embedded Systems," Proceedings of the 24th European Symposium on Research in Computer Security (ESORICS), Luxembourg, Sep, 2019
[DSN] Steven Gomez, Samuel Jero,
Richard Skowyra, Jason Martin, Patrick Sullivan, David Bigelow, Zachary Ellenbogen, Bryan Ward, Hamed
Okhravi, and James Landry, "Controller-Oblivious Dynamic Access Control in
Software-Defined Networks," Proceedings of 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Portland, USA, Jun, 2019
[IoT S&P] Prashast Srivastava, Hui Peng, Jiahao Li, Hamed
Okhravi, Howard Shrobe, and Mathias Payer,"FirmFuzz: Automated IoT Firmware Introspection and Analysis," Proceedings of the ACM CCS IoT Security & Privacy Workshop (IoTS&P), London, Nov, 2019
Other Publications
2018
[ACSAC] Reza
Mirzazade Farkhani, Saman Jafari, Sajjad Arshad, William Robertson,
Engin Kirda, and Hamed
Okhravi, "On
the Effectiveness of Type-based Control Flow Integrity,"
Proceedings of IEEE Annual Computer
Security Applications Conference
(ACSAC'18), Puerto Rico, USA, 2018
[CCS] Benjamin E. Ujcich, Samuel Jero, Anne Edmundson, Qi Wang, Richard Skowyra, James Landry, Adam Bates, William H. Sanders, Cristina Nita-Rotaru, and Hamed Okhravi, "Cross-App Poisoning in Software-Defined Networking," Proceedings of the 25th ACM Computer and Communications Security (CCS'18), Toronto, Canada, 2018
[IEEE SecDev] Ronald Gil, Hamed Okhravi, and Howard Shrobe, "There’s a Hole in the Bottom of the C: On the Effectiveness of Allocation Protection," Proceedings of the IEEE Secure Development Conference (SecDev'18), Cambridge, MA, USA, 2018
[IEEE S&P] Timothy Vidas, Per Larsen, Hamed Okhravi, and Ahmad-Reza Sadeghi, "Changing the Game of Software Security," IEEE Security & Privacy, Mar/Apr, vol.16, no.2, pp.10-11, 2018
[DSN] Richard Skowyra, Lei Xu, Guofei Gu, Veer Dedhia, Thomas Hobson, Hamed Okhravi, and James Landry, "Effective Topology Tampering Attacks and Defenses in Software-Defined Networks, "Proceedings of 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'18), Luxembourg City, Luxembourg, June 2018
[ACM Book] Stephen Crane, Andrei Homescu, Per Larsen, Hamed Okhravi, Michael Franz, "Diversity and Information Leaks," In The Continuing Arms Race: Code-Reuse Attacks and Defenses, Book, ISBN: 978-1-97000-183-9, pp. 61-79, 2018
[CCS] Benjamin E. Ujcich, Samuel Jero, Anne Edmundson, Qi Wang, Richard Skowyra, James Landry, Adam Bates, William H. Sanders, Cristina Nita-Rotaru, and Hamed Okhravi, "Cross-App Poisoning in Software-Defined Networking," Proceedings of the 25th ACM Computer and Communications Security (CCS'18), Toronto, Canada, 2018
[IEEE SecDev] Ronald Gil, Hamed Okhravi, and Howard Shrobe, "There’s a Hole in the Bottom of the C: On the Effectiveness of Allocation Protection," Proceedings of the IEEE Secure Development Conference (SecDev'18), Cambridge, MA, USA, 2018
[IEEE S&P] Timothy Vidas, Per Larsen, Hamed Okhravi, and Ahmad-Reza Sadeghi, "Changing the Game of Software Security," IEEE Security & Privacy, Mar/Apr, vol.16, no.2, pp.10-11, 2018
[DSN] Richard Skowyra, Lei Xu, Guofei Gu, Veer Dedhia, Thomas Hobson, Hamed Okhravi, and James Landry, "Effective Topology Tampering Attacks and Defenses in Software-Defined Networks, "Proceedings of 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'18), Luxembourg City, Luxembourg, June 2018
[ACM Book] Stephen Crane, Andrei Homescu, Per Larsen, Hamed Okhravi, Michael Franz, "Diversity and Information Leaks," In The Continuing Arms Race: Code-Reuse Attacks and Defenses, Book, ISBN: 978-1-97000-183-9, pp. 61-79, 2018
2017
[ACSAC] Richard Skowyra, Steven R. Gomez, David Bigelow, James Landry, and
Hamed Okhravi, "QUASAR: Quantitative Attack Space Analysis and Reasoning,"
Proceedings of IEEE Annual Computer
Security Applications Conference
(ACSAC'17), Orlando, FL, 2017
[USENIX Security] Samuel Jero, William Koch, Richard Skowyra, Hamed Okhravi, Cristina Nita-Rotaru, and David Bigelow, "Identifier Binding Attacks and Defenses in Software-Defined Networks," Proceedings of the USENIX Security Symposium (USENIX'17), Vancouver, Canada, 2017
[RAID] Samuel Jero, Xiangyu Bu, Cristina Nita-Rotaru, Hamed Okhravi, and Sonia Fahmy, "BEADS: Automated Attack Discovery in OpenFlow-based SDN Systems," Proceedings of the Proceedings of the International Symposium on Research in Attacks, Intrusions, and Defenses (RAID'17), Atlanta, GA, 2017
[NDSS] Robert Rudd, Richard Skowyra, David Bigelow, Veer Dedhia, Thomas Hobson, Stephen Crane, Christopher Liebchen, Per Larsen, Lucas Davi, Michael Franz, Ahmad-Reza Sadeghi, and Hamed Okhravi, "Address-Oblivious Code Reuse: On the Effectiveness of Leakage Resilient Diversity," Proceedings of the Network and Distributed System Security Symposium (NDSS'17), San Diego, CA, 2017
[USENIX Security] Samuel Jero, William Koch, Richard Skowyra, Hamed Okhravi, Cristina Nita-Rotaru, and David Bigelow, "Identifier Binding Attacks and Defenses in Software-Defined Networks," Proceedings of the USENIX Security Symposium (USENIX'17), Vancouver, Canada, 2017
[RAID] Samuel Jero, Xiangyu Bu, Cristina Nita-Rotaru, Hamed Okhravi, and Sonia Fahmy, "BEADS: Automated Attack Discovery in OpenFlow-based SDN Systems," Proceedings of the Proceedings of the International Symposium on Research in Attacks, Intrusions, and Defenses (RAID'17), Atlanta, GA, 2017
[NDSS] Robert Rudd, Richard Skowyra, David Bigelow, Veer Dedhia, Thomas Hobson, Stephen Crane, Christopher Liebchen, Per Larsen, Lucas Davi, Michael Franz, Ahmad-Reza Sadeghi, and Hamed Okhravi, "Address-Oblivious Code Reuse: On the Effectiveness of Leakage Resilient Diversity," Proceedings of the Network and Distributed System Security Symposium (NDSS'17), San Diego, CA, 2017
2016
[LL Journal] Hamed
Okhravi, William Streilein, and Kevin Bauer, "Moving Target
Techniques: Leveraging Uncertainty for Cyber Defense,"
Lincoln Laboratory Journal, Special Issue on Cyber Security, Vol. 22,
No. 1, 2016
[MTD] Richard Skowyra, Kevin Bauer, Veer Dedhia, and Hamed Okhravi, "Have No PHEAR: Networks Without Identifiers," Proceedings of the ACM CCS Workshop on Moving Target Defenses (MTD'16), 2016
[MTD] Richard Skowyra, Kevin Bauer, Veer Dedhia, and Hamed Okhravi, "Have No PHEAR: Networks Without Identifiers," Proceedings of the ACM CCS Workshop on Moving Target Defenses (MTD'16), 2016
2015
[CCS] Isaac
Evans, Fan Long, Ulziibayar Otgonbaatar, Howard Shrobe, Martin Rinard, Hamed
Okhravi, and Stelios Sidiroglou-Douskos, "Control Jujutsu:
On the Weaknesses of Fine-Grained Control Flow Integrity,"
Proceedings of the 22nd ACM Computer and Communications Security
(CCS'15),
Denver, CO, 2015
[CCS] David Bigelow, Thomas Hobson, Robert Rudd, William Streilein, and Hamed Okhravi, "Timely Rerandomization for Mitigating Memory Disclosures," Proceedings of the 22nd ACM Computer and Communications Security (CCS'15), Denver, CO, 2015
[Oakland] Isaac Evans, Samuel Fingeret, Julian Gonzalez, Ulziibayar Otgonbaatar, Tiffany Tang, Howard Shrobe, Stelios Sidiroglou-Douskos, Martin Rinard, and Hamed Okhravi, "Missing the Point(er): On the Effectiveness of Code Pointer Integrity," Proceedings of the 36th IEEE Symposium on Security and Privacy (Oakland'15), San Jose, CA, 2015
[HST] Paula Donovan, Jeffrey McLamb, Hamed Okhravi, James Riordan, and Charles V. Wright. "Quantitative evaluation of moving target technology", In Technologies for Homeland Security (HST), 2015 IEEE International Symposium on, pp. 1-7. IEEE, 2015
[RWS] Kevin Bauer, Veer Dedhia, Richard Skowyra, William Streilein, Hamed Okhravi, "Multi-Variant Execution to Protect Unpatched Software," Resilience Week (RWS), 2015, 1-6
[MTD] Thomas Hobson, Hamed Okhravi, David Bigelow, Robert Rudd, and William Streilein, "On the Challenges of Effective Movement," Proceedings of the ACM CCS Workshop on Moving Target Defenses (MTD'14), 2014
[MTD] Kevin Carter, James Riordan, Hamed Okhravi, "A Game Theoretic Approach to Strategy Determination for Dynamic Platform Defenses," Proceedings of the ACM CCS Workshop on Moving Target Defenses (MTD'14), 2014
[RAID] Hamed Okhravi, James Riordan, and Kevin Carter, "Quantitative Evaluation of Dynamic Platform Techniques as a Defensive Mechanism," Proceedings of the 17th International Symposium on Research in Attacks, Intrusions, and Defenses (RAID’14), Lecture Notes in Computer Science (LNCS), 2014
Award Recipient at the 2015 NSA's 3rd Annual Best Scientific Cybersecurity Paper Competition
[IEEE S&P] Hamed Okhravi, Thomas Hobson, David Bigelow, and William Streilein, "Finding Focus in the Blur of Moving Target Techniques," IEEE Security & Privacy, vol.12, no.2, pp.16-26, Mar.-Apr. 2014
One of the Most Cited IJCIP arcticles.
[MILCOM] Hamed Okhravi, Andrew Johnson, Joshua Haines, Travis Mayberry, and Agnes Chan, "Dedicated vs. Distributed: A Study of Mission Survivability Metrics," Proceedings of the IEEE Military Communications Conference (MILCOM’11), Baltimore, MD, November, 2011
[IFIP CIP] Hamed Okhravi, Adam Comella, Eric I. Robinson, Stephen Yannalfo, Peter W. Michaleas, and Joshua Haines, "Creating a Cyber Moving Target for Critical Infrastructure Applications," Critical Infrastructure Protection V, J. Butts and S. Shenoi (Eds.), IFIP International Federation for Information Processing, Springer, 2011
[High Frontier Journal] Hamed Okhravi, Joshua Haines, and Kyle Ingols, "Achieving Cyber Survivability in a Contested Environment Using a Cyber Moving Target," High Frontier Journal: The Journal for Space and Cyberspace Professionals, vol. 7, no. 3, 2011
[SRCA] Hamed Okhravi, Eric I. Robinson, Adam Comella, Stephen Yannalfo, Peter W. Michaleas, and Joshua Haines, "TALENT: Dynamic Platform Heterogeneity for Cyber Survivability of Mission Critical Applications," Proceedings of Secure and Resilient Cyber Architecture Conference (SRCA'10), McLean, VA, October 29, 2010
[CSIIRW] Hamed Okhravi, Fredrick T. Sheldon, "Data diodes in support of trustworthy cyber infrastructure," Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research (CSIIRW'10), Oak Ridge, TN , April 21 -23, 2010
[IET] Stephen Bishop, Hamed Okhravi , Shahram Rahimi and Yung-Chuan Lee, "Covert-Channel Resistant Information Leakage Protection using a Multi-Agent Architecture," IET Information Security Special Issue on Multi-Agent & Distributed Information Security, vol. 4, no. 4, 2010
[SafeConfig] Hamed Okhravi, Ryan H. Kagin and David M. Nicol, "PolicyGlobe: A Framework for Integrating Network and Operating System Security Policies," Proceedings of ACM Workshop on Assurable & Usable Security Configuration (SafeConfig'09), Chicago, IL, November 2009
[IA] Yung-Chuan Lee, Stephen Bishop, Hamed Okhravi and Shahram Rahimi, "Information Leakage Detection in Distributed Systems using Software Agent," Proceedings of IEEE Symposium on Intelligent Agents (IA'09), Nashvile, TN, March 2009
[CCS Poster] Sonia Jahid, Imranul Hoque, Hamed Okhravi and Carl Gunter, "Enhancing Database Access Control with XACML Policy," Poster at 16th ACM Conference on Computer and Communications Security (CCS'09), 2009
[IJCIP] Hamed Okhravi and David Nicol, "Application of Trusted Network Technology to Industrial Control Networks," Elsevier International Journal of Critical Infrastructure Protection (IJCIP), Elsevier, Vol. 2, No. 3, 2009
[ETRCS] Hamed Okhravi, Stephen Bishop, Shahram Rahimi and Yung-Chuan Lee, "A MA-based
System for Information Leakage Detection in Distributed Systems," Emerging Technologies, Robotics and Control Systems, Third Edition, June 2009
[IJCI] Hamed Okhravi and David Nicol, Evaluation of Patch Management Strategies, International Journal of Computational Intelligence: Theory and Practice, Vol. 3, No. 2, Dec 2008
[CCS] David Bigelow, Thomas Hobson, Robert Rudd, William Streilein, and Hamed Okhravi, "Timely Rerandomization for Mitigating Memory Disclosures," Proceedings of the 22nd ACM Computer and Communications Security (CCS'15), Denver, CO, 2015
[Oakland] Isaac Evans, Samuel Fingeret, Julian Gonzalez, Ulziibayar Otgonbaatar, Tiffany Tang, Howard Shrobe, Stelios Sidiroglou-Douskos, Martin Rinard, and Hamed Okhravi, "Missing the Point(er): On the Effectiveness of Code Pointer Integrity," Proceedings of the 36th IEEE Symposium on Security and Privacy (Oakland'15), San Jose, CA, 2015
[HST] Paula Donovan, Jeffrey McLamb, Hamed Okhravi, James Riordan, and Charles V. Wright. "Quantitative evaluation of moving target technology", In Technologies for Homeland Security (HST), 2015 IEEE International Symposium on, pp. 1-7. IEEE, 2015
[RWS] Kevin Bauer, Veer Dedhia, Richard Skowyra, William Streilein, Hamed Okhravi, "Multi-Variant Execution to Protect Unpatched Software," Resilience Week (RWS), 2015, 1-6
2014
[CCS] Jeff Seibert, Hamed Okhravi, and Eric Soderstrom, "Information Leaks Without Memory Disclosures: Remote Side Channel Attacks on Diversified Code," Proceedings of the 21st ACM Conference on Computer and Communications Security (CCS'14), Scottsdale, AZ, 2014 [MTD] Thomas Hobson, Hamed Okhravi, David Bigelow, Robert Rudd, and William Streilein, "On the Challenges of Effective Movement," Proceedings of the ACM CCS Workshop on Moving Target Defenses (MTD'14), 2014
[MTD] Kevin Carter, James Riordan, Hamed Okhravi, "A Game Theoretic Approach to Strategy Determination for Dynamic Platform Defenses," Proceedings of the ACM CCS Workshop on Moving Target Defenses (MTD'14), 2014
[RAID] Hamed Okhravi, James Riordan, and Kevin Carter, "Quantitative Evaluation of Dynamic Platform Techniques as a Defensive Mechanism," Proceedings of the 17th International Symposium on Research in Attacks, Intrusions, and Defenses (RAID’14), Lecture Notes in Computer Science (LNCS), 2014
Award Recipient at the 2015 NSA's 3rd Annual Best Scientific Cybersecurity Paper Competition
[IEEE S&P] Hamed Okhravi, Thomas Hobson, David Bigelow, and William Streilein, "Finding Focus in the Blur of Moving Target Techniques," IEEE Security & Privacy, vol.12, no.2, pp.16-26, Mar.-Apr. 2014
2013
[RAID] Richard Skowyra, Kelly Casteel, Hamed Okhravi, and William Streilein, "Systematic Analysis of Defenses Against Return-Oriented Programming," Proceedings of the 16th International Symposium on Research in Attacks, Intrusions, and Defenses (RAID’13), Lecture Notes in Computer Science (LNCS), Vol. 8145, pp. 82-102, 20132012
[IJCIP] Hamed Okhravi, Adam Comella, Eric Robinson, and Joshua Haines, "Creating a Cyber Moving Target for Critical Infrastructure Applications Using Platform Diversity," Elsevier International Journal of Critical Infrastructure Protection (IJCIP), vol. 5, no. 1, 2012
One of the Most Cited IJCIP arcticles.
2011
[CODASPY] Sonia Jahid, Imranul Hoque, Carl Gunter, and Hamed Okhravi, "MyABDAC: Compiling XACML Policies for Attribute-Based Database Access Control," Proceedings of the First ACM Conference on Data and Application Security and Privacy (CODASPY'10), San Antonio, TX, Feb 21-23, 2011[MILCOM] Hamed Okhravi, Andrew Johnson, Joshua Haines, Travis Mayberry, and Agnes Chan, "Dedicated vs. Distributed: A Study of Mission Survivability Metrics," Proceedings of the IEEE Military Communications Conference (MILCOM’11), Baltimore, MD, November, 2011
[IFIP CIP] Hamed Okhravi, Adam Comella, Eric I. Robinson, Stephen Yannalfo, Peter W. Michaleas, and Joshua Haines, "Creating a Cyber Moving Target for Critical Infrastructure Applications," Critical Infrastructure Protection V, J. Butts and S. Shenoi (Eds.), IFIP International Federation for Information Processing, Springer, 2011
[High Frontier Journal] Hamed Okhravi, Joshua Haines, and Kyle Ingols, "Achieving Cyber Survivability in a Contested Environment Using a Cyber Moving Target," High Frontier Journal: The Journal for Space and Cyberspace Professionals, vol. 7, no. 3, 2011
2010
[HST] Hamed Okhravi, Stanley Bak, and Samuel T. King, "Design, Implementation and Evaluation of Covert Channel Attacks," Proceedings of the IEEE Conference on Homeland Security Technologies (IEEE HST'10),Wltham, MA , November 8 - 10, 2010
[SRCA] Hamed Okhravi, Eric I. Robinson, Adam Comella, Stephen Yannalfo, Peter W. Michaleas, and Joshua Haines, "TALENT: Dynamic Platform Heterogeneity for Cyber Survivability of Mission Critical Applications," Proceedings of Secure and Resilient Cyber Architecture Conference (SRCA'10), McLean, VA, October 29, 2010
[CSIIRW] Hamed Okhravi, Fredrick T. Sheldon, "Data diodes in support of trustworthy cyber infrastructure," Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research (CSIIRW'10), Oak Ridge, TN , April 21 -23, 2010
[IET] Stephen Bishop, Hamed Okhravi , Shahram Rahimi and Yung-Chuan Lee, "Covert-Channel Resistant Information Leakage Protection using a Multi-Agent Architecture," IET Information Security Special Issue on Multi-Agent & Distributed Information Security, vol. 4, no. 4, 2010
2009
[ACSAC] Hamed Okhravi and David M. Nicol, "TrustGraph: Trusted Graphics Subsystem for High Assurance Systems," Proceedings of IEEE Annual Computer Security Applications Conference (ACSAC'09), Honolulu, HI, December 2009
[SafeConfig] Hamed Okhravi, Ryan H. Kagin and David M. Nicol, "PolicyGlobe: A Framework for Integrating Network and Operating System Security Policies," Proceedings of ACM Workshop on Assurable & Usable Security Configuration (SafeConfig'09), Chicago, IL, November 2009
[IA] Yung-Chuan Lee, Stephen Bishop, Hamed Okhravi and Shahram Rahimi, "Information Leakage Detection in Distributed Systems using Software Agent," Proceedings of IEEE Symposium on Intelligent Agents (IA'09), Nashvile, TN, March 2009
[CCS Poster] Sonia Jahid, Imranul Hoque, Hamed Okhravi and Carl Gunter, "Enhancing Database Access Control with XACML Policy," Poster at 16th ACM Conference on Computer and Communications Security (CCS'09), 2009
[IJCIP] Hamed Okhravi and David Nicol, "Application of Trusted Network Technology to Industrial Control Networks," Elsevier International Journal of Critical Infrastructure Protection (IJCIP), Elsevier, Vol. 2, No. 3, 2009
[ETRCS] Hamed Okhravi, Stephen Bishop, Shahram Rahimi and Yung-Chuan Lee, "A MA-based
System for Information Leakage Detection in Distributed Systems," Emerging Technologies, Robotics and Control Systems, Third Edition, June 2009
2008
[IFIP CIP] Hamed Okhravi and David Nicol, "Chapter5: Applying Trusted Network Technology To Process Control Systems," Critical Infrastructure Protection II, E. Goetz and S. Shenoi (Eds.), International Federation for Information Processing (IFIP), Springer, Boston, ISBN: 978-0-387-88522-3, 2008
[IJCI] Hamed Okhravi and David Nicol, Evaluation of Patch Management Strategies, International Journal of Computational Intelligence: Theory and Practice, Vol. 3, No. 2, Dec 2008
2006
[NAPS] Matt Davis, Zeb Tate, Hamed Okhravi, Chris Grier, Tom J. Overbye, and David M. Nicol, "SCADA Cyber Security Testbed Development," Proceedings of North American Power Symposium (NAPS'06), Carbondale, IL, pp. 483-488, September 2006
2005
[WSC] David M. Nicol and Hamed Okhravi, "Performance analysis of Binary Code Protection," Proceedings of Winter Simulation Conference (WSC'05), Orlando, FL, pp. 601-610, December 2005Other Publications
Theses Supervised
- Yianni Giannaris, Securing
Operating Systems using Hardware-Enforced Compartmentalization. Master of
Engineering Thesis in Computer Science and Engineering, Massachusetts
Institute of Technology, 2021
- Elijah Rivera,
Preserving Memory Safety in Safe Rust during
Interactions with Unsafe Languages. Master of Engineering Thesis in
Computer Science and Engineering, Massachusetts Institute of Technology, 2021
- Alexander Huang, Software
Defined Memory Ownership System. Master of Engineering Thesis in
Computer Science and Engineering, Massachusetts Institute of Technology, 2020
- Claire Nord, Retry-Free
Software Transactional Memory in Rust. Master of Engineering Thesis in
Computer Science and Engineering, Massachusetts Institute of Technology, 2020
- Jennifer Switzer, Preventing
IPC-facilitated type confusion in Rust. Master of Engineering Thesis in
Computer Science and Engineering, Massachusetts Institute of Technology, 2020
- Justin Restivo, A
Zero Kernel Operating System: Rethinking Microkernel Design by Leveraging
Tagged Architectures and Memory-Safe Languages. Master of Engineering Thesis in
Computer Science and Engineering, Massachusetts Institute of Technology, 2020
- Tiffany Tang, Security and Performance Analysis of Custom Memory Allocators. Master of Engineering Thesis in
Computer Science and Engineering, Massachusetts Institute
of Technology, 2019
- Jakob Weisblat, Improving Security at the System-Call Boundary in a Type-Safe Operating System. Master of Engineering Thesis in
Computer Science and Engineering, Massachusetts Institute
of Technology, 2018
- Madeleine Dawson, Secure Input Validation in Rust with Parsing-Expression Grammars. Master of Engineering Thesis in
Computer Science and Engineering, Massachusetts Institute
of Technology, 2018
- Ronald Gil, The Undefined Quest for Full Memory Safety. Master of Engineering Thesis in
Computer Science and Engineering, Massachusetts Institute
of Technology, 2017
- Isaac
Evans, Analysis of Defenses Against Code Reuse Attacks on
Modern and New Architectures. Master of Engineering Thesis in
Computer Science and Engineering, Massachusetts Institute
of Technology, 2015
- Ulziibayar Otgonbaatar, Evaluating
Modern Defenses Against Control Flow
Hijacking. Master
of Engineering Thesis in
Computer Science and Engineering, Massachusetts Institute
of Technology, 2015
- Eric Soderstrom, Analysis
of Return
Oriented Programming and Countermeasures. Master of Engineering Thesis in
Computer Science and Engineering, Massachusetts Institute
of Technology, 2014
- Kelly Casteel, A Systematic Analysis
of Defenses Against Code Reuse Attacks. Master of Engineering Thesis in
Computer Science and Engineering, Massachusetts Institute
of Technology, 2013
Technical Reports
- Bryan Ward,
Steven Gomez, Richard Skowyra, David Bigelow, Jason Martin, James
Landry, and Hamed
Okhravi, Survey
of Cyber Moving Targets - Second Edition,
Massachusetts Institute
of Technology Lincoln Laboratory, Technical Report 1228, 2018
- Hamed
Okhravi, Thomas Hobson, Chad Meiners, and William Streilein,
A Study of Gaps in Attack Analysis,
Massachusetts Institute
of Technology Lincoln Laboratory, Technical Report 1193, 2016
- George Baah, Thomas Hobson,
Hamed Okhravi, Shannon Roberts, William
Streilein, and Sophia Yuditskaya, A Study of
Gaps in Cyber Defense Automation,
Massachusetts Institute
of Technology Lincoln Laboratory, Technical Report 1194, 2016
- George Baah,
Hamed Okhravi, Shannon Roberts, Richard
Skowyra, and William Streilein, A Study of Gaps
in Network Knowledge Synthesis,
Massachusetts Institute
of Technology Lincoln Laboratory, Technical Report 1195, 2016
- Kevin Bauer, Thomas Hobson,
Hamed Okhravi, Shannon Roberts, and William
Streilein, A Study of Gaps in Defensive
Countermeasures for Web Security,
Massachusetts Institute
of Technology Lincoln Laboratory, Technical Report 1196, 2016
- Hamed Okhravi,
Mark Rabe, Travis Mayberry, William
Leonard, Thomas Hobson, David Bigelow, and William Streilein.
Survey of Cyber Moving Targets,
Massachusetts Institute
of Technology Lincoln Laboratory, Technical Report 1166, 2013
Theses
- Hamed Okhravi. Trusted and High Assurance Systems. Ph.D. Dissertation, University of Illinois at Urbana Champaign, 2010
- Hamed
Okhravi. Security
Policy
Integration and Consistency Validation. M.S. Thesis,
University of Illinois at Urbana Champaign,. M.S. Thesis,
University of Illinois at Urbana Champaign, 2006
- Hamed Okhravi. Design and Implementation of Network Control, Supervision, and Policy Management System with High Security Feature. B.Sc. Thesis, Sharif University of Technology, 2003