Search

Your search keyword '"Muntean, Paul"' showing total 32 results
Start Over Author "Muntean, Paul"
32 results on '"Muntean, Paul"'

1. Analyzing Control Flow Integrity with LLVM-CFI

Author

Muntean, Paul, Neumayer, Matthias, Lin, Zhiqiang, Tan, Gang, Grossklags, Jens, and Eckert, Claudia

Subjects
Computer Science - Cryptography and Security
Abstract

Control-flow hijacking attacks are used to perform malicious com-putations. Current solutions for assessing the attack surface afteracontrol flow integrity(CFI) policy was applied can measure onlyindirect transfer averages in the best case without providing anyinsights w.r.t. the absolute calltarget reduction per callsite, and gad-get availability. Further, tool comparison is underdeveloped or notpossible at all. CFI has proven to be one of the most promising pro-tections against control flow hijacking attacks, thus many effortshave been made to improve CFI in various ways. However, there isa lack of systematic assessment of existing CFI protections. In this paper, we presentLLVM-CFI, a static source code analy-sis framework for analyzing state-of-the-art static CFI protectionsbased on the Clang/LLVM compiler framework.LLVM-CFIworksby precisely modeling a CFI policy and then evaluating it within aunified approach.LLVM-CFIhelps determine the level of securityoffered by different CFI protections, after the CFI protections weredeployed, thus providing an important step towards exploit cre-ation/prevention and stronger defenses. We have usedLLVM-CFIto assess eight state-of-the-art static CFI defenses on real-worldprograms such as Google Chrome and Apache Httpd.LLVM-CFIprovides a precise analysis of the residual attack surfaces, andaccordingly ranks CFI policies against each other.LLVM-CFIalsosuccessfully paves the way towards construction of COOP-like codereuse attacks and elimination of the remaining attack surface bydisclosing protected calltargets under eight restrictive CFI policies., Comment: Accepted for publication at ACSAC'19 conference. arXiv admin note: substantial text overlap with arXiv:1812.08496

Published
2019
Full Text
View/download PDF

2. Automated CFI Policy Assessment with Reckon

Author

Muntean, Paul

Subjects
Computer Science - Cryptography and Security
Abstract

Protecting programs against control-flow hijacking attacks recently has become an arms race between defenders and attackers. While certain defenses, e.g., \textit{Control Flow Integrity} (CFI), restrict the targets of indirect control-flow transfers through static and dynamic analysis, attackers could search the program for available gadgets that fall into the legitimate target sets to bypass the defenses. There are several tools helping both attackers in developing exploits and analysts in strengthening their defenses. Yet, these tools fail to adequately (1) model the deployed defenses, (2) compare them in a head-to-head way, and (3) use program semantic information to help craft the attack and the countermeasures. Control Flow Integrity (CFI) has proved to be one of the promising defenses against control flow hijacks and tons of efforts have been made to improve CFI in various ways in the past decade. However, there is a lack of a systematic assessment of the existing CFI defenses. In this paper, we present Reckon, a static source code analysis tool for assessing state-of-the-art static CFI defenses, by first precisely modeling them and then evaluating them in a unified framework. Reckon helps determine the level of security offered by different CFI defenses, and find usable code gadgets even after the CFI defenses were applied, thus providing an important step towards successful exploits and stronger defenses. We have used Reckon to assess eight state-of-the-art static CFI defenses on real-world programs such as Google's Chrome and Apache Httpd. Reckon provides precise measurements of the residual attack surfaces, and accordingly ranks CFI policies against each other. It also successfully paves the way to construct code reuse attacks and to eliminate the remaining attack surface, by disclosing calltargets under one of the most restrictive CFI defenses.

Published
2018

3. IntRepair: Informed Repairing of Integer Overflows

Author

Muntean, Paul, Monperrus, Martin, Sun, Hao, Grossklags, Jens, and Eckert, Claudia

Subjects
Computer Science - Software Engineering
Abstract

Integer overflows have threatened software applications for decades. Thus, in this paper, we propose a novel technique to provide automatic repairs of integer overflows in C source code. Our technique, based on static symbolic execution, fuses detection, repair generation and validation. This technique is implemented in a prototype named IntRepair. We applied IntRepair to 2,052C programs (approx. 1 million lines of code) contained in SAMATE's Juliet test suite and 50 synthesized programs that range up to 20KLOC. Our experimental results show that IntRepair is able to effectively detect integer overflows and successfully repair them, while only increasing the source code (LOC) and binary (Kb) size by around 1%, respectively. Further, we present the results of a user study with 30 participants which shows that IntRepair repairs are more than 10x efficient as compared to manually generated code repairs, Comment: Accepted for publication at the IEEE TSE journal. arXiv admin note: text overlap with arXiv:1710.03720

Published
2018
Full Text
View/download PDF

4. Practical Integer Overflow Prevention

Author

Muntean, Paul, Grossklags, Jens, and Eckert, Claudia

Subjects
Computer Science - Cryptography and Security, Computer Science - Software Engineering
Abstract

Integer overflows in commodity software are a main source for software bugs, which can result in exploitable memory corruption vulnerabilities and may eventually contribute to powerful software based exploits, i.e., code reuse attacks (CRAs). In this paper, we present IntGuard , a tool that can repair integer overflows with high-quality source code repairs. Specifically, given the source code of a program, IntGuard first discovers the location of an integer overflow error by using static source code analysis and satisfiability modulo theories (SMT) solving. IntGuard then generates integer multi-precision code repairs based on modular manipulation of SMT constraints as well as an extensible set of customizable code repair patterns. We have implemented and evaluated IntGuard with 2052 C programs (approx. 1 Mil. LOC) available in the currently largest open- source test suite for C/C++ programs and with a benchmark containing large and complex programs. The evaluation results show that IntGuard can precisely (i.e., no false positives are accidentally repaired), with low computational and runtime overhead repair programs with very small binary and source code blow-up. In a controlled experiment, we show that IntGuard is more time-effective and achieves a higher repair success rate than manually generated code repairs., Comment: 20 pages

Published
2017

5. Mobile Robot Navigation on Partially Known Maps using a Fast A Star Algorithm Version

Author

Muntean, Paul

Subjects
Computer Science - Robotics
Abstract

Mobile robot navigation in total or partially unknown environments is still an open problem. The path planning algorithms lack completeness and/or performance. Thus, there is the need for complete (i.e., the algorithm determines in finite time either a solution or correctly reports that there is none) and performance (i.e., with low computational complexity) oriented algorithms which need to perform efficiently in real scenarios. In this paper we evaluate the efficiency of two versions of the A star algorithm for mobile robot navigation inside indoor environments with the help of two software applications and the Pioneer 2DX robot. We demonstrate that an improved version of the A star algorithm (we call this the fast A star algorithm) which (a different version of this algorithm is widely used in video games) can be successfully used for indoor mobile robot navigation. We evaluated the two versions of the A star algorithm first, by implementing the algorithms in source code and by testing them on a simulator and second, by comparing two operation modes of the fast A star algorithm w.r.t. path planning efficiency (i.e., completness) and performance (i.e., time need to complete the path traversing) for indoor navigation with the Pioneer 2DX robot. The results obtained with the fast A star algorithm are promising and we think that this results can be further improved by tweaking the algorithm and by using an advanced sensor fusion approach (i.e., combine the inputs of multiple robot sensors) for better dealing with partially known environments.

Published
2016

6. Reliability of body composition assessment using A-mode ultrasound in a heterogeneous sample

Author

Miclos-Balica, Monica, Muntean, Paul, Schick, Falk, Haragus, Horia G., Glisici, Bogdan, Pupazan, Vasile, and Neagu, Adrian

Subjects
Body composition -- Evaluation, Adipose tissues -- Measurement, Ultrasonics in medicine -- Usage, Food/cooking/nutrition, Health
Abstract

Background/Objectives Several studies have addressed the validity of ultrasound (US) for body composition assessment, but few have evaluated its reliability. This study aimed to determine the reliability of percent body fat (%BF) estimates using A-mode US in a heterogeneous sample. Subjects/Methods A group of 144 healthy adults (81 men and 63 women), 30.4 (10.1) years (mean (SD)), BMI 24.6 (4.7) kg/m.sup.2, completed 6 consecutive measurements of the subcutaneous fat layer thickness at 8 anatomical sites. The measurements were done, alternatively, by two testers, using a BodyMetrix[TM] instrument. To compute %BF, 4 formulas from the BodyView[TM] software were applied: 7-sites Jackson and Pollock, 3-sites Jackson and Pollock, 3-sites Pollock, and 1-point biceps. Results The formula with the most anatomic sites provided the best reliability quantified by the following measures: intraclass correlation coefficient (ICC) = 0.979 for Tester 1 (T1) and 0.985 for T2, technical error of measurement (TEM) = 1.07% BF for T1 and 0.89% BF for T2, and minimal detectable change (MDC) = 2.95% BF for T1, and 2.47% BF for T2. The intertester bias was -0.5% BF, whereas the intertester ICC was 0.972. The intertester MDC was 3.43% BF for the entire sample, 3.24% BF for men, and 3.65% BF for women. Conclusions A-mode US is highly reliable for %BF assessments, but it is more precise for men than for women. Examiner performance is a source of variability that needs to be mitigated to further improve the precision of this technique., Author(s): Monica Miclos-Balica [sup.1] , Paul Muntean [sup.1] , Falk Schick [sup.1] , Horia G. Haragus [sup.2] , Bogdan Glisici [sup.1] , Vasile Pupazan [sup.1] , Adrian Neagu [sup.1] [sup.3] [...]

Published
2021
Full Text
View/download PDF

7. Anthropometric Formulas Repurposed to Predict Body Fat Content from Ultrasound Measurements of Subcutaneous Fat Thickness.

Author

Muntean, Paul, Miclos-Balica, Monica, Macavei, George Andrei, Munteanu, Oana, Neagu, Adrian, and Neagu, Monica

Subjects
*BODY composition, *FAT, *ANATOMICAL planes, *SKINFOLD thickness, *CONDUCT of life
Abstract

Body composition assessment helps conducting a healthy life or tracking the effectiveness of a weight management therapy. Ultrasound (US)-based body composition research has gained momentum because of the emergence of portable and inexpensive instruments bundled with user-friendly software. Previously, US-based assessment of body fat percentage (% BF) was found precise, but inaccurate in certain populations. Therefore, this study sought to compute % BF from subcutaneous fat thicknesses (SFs) given by US converting an anthropometric formula that involves skinfold thicknesses (SKFs) measured at the same sites. The symmetry of the body with respect to the central sagittal plane is an underlying assumption in both anthropometry and US-based body composition assessment, so measurements were taken on the right side of the body. Relying on experimental data on skinfold compressibility, we adapted 33 SKF formulas for US use and tested their validity against air displacement plethysmography on a study group of 97 women (BMI = 25.4 ± 6.4 kg/m2, mean ± SD) and 107 men (BMI = 26.7 ± 5.7 kg/m2). For both sexes, the best proprietary formula had Lin's concordance correlation coefficient (CCC) between 0.7 and 0.73, standard error of estimate (SEE) < 3% BF and total error (TE) > 6% BF—mainly because of the underestimation of % BF in overweight and obese subjects. For women (men) the best adapted formula had CCC = 0.85 (0.80), SEE = 3.2% (2.4%) BF, and TE = 4.6% (5.4%) BF. Remarkably, certain adapted formulas were more accurate for overweight and obese people than the proprietary equations. In conclusion, anthropometric equations provide useful starting points in the quest for novel formulas to estimate body fat content from ultrasound measurements. [ABSTRACT FROM AUTHOR]

Published
2024
Full Text
View/download PDF

9. A Framework for the Creation of Mobile Educational Games for Dyslexic Children

Author

Haladjian, Juan, Richter, Daniel, and Muntean, Paul

Abstract

Dyslexia is a reading disability that can, in some cases, be cured. The most frequent treatment for dyslexia consists on repeatedly performing certain word exercises. Because most dyslexic patients are young children, most applications for word training are games. The development of such games is costly and it involves different parts (developers, psychologists, etc.). In this paper, we analyze and review the advantages of mobile devices in education and healthcare and present a framework for the creation of games for vocabulary training on mobile devices. The main goal of the framework is to enable the reusability of features typically present in applications for dyslexia training. The main advantage is the rapid development of such games by reducing the dependency of collaboration between developers and experts in the field. We also demonstrate the usage of our framework in the creation of a simple game called ReadPoker. [For the full proceedings, see ED562140.]

Published
2013

10. CastSan: Efficient Detection of Polymorphic C++ Object Type Confusions with LLVM

Author

Muntean, Paul, Wuerl, Sebastian, Grossklags, Jens, Eckert, Claudia, Hutchison, David, Series Editor, Kanade, Takeo, Series Editor, Kittler, Josef, Series Editor, Kleinberg, Jon M., Series Editor, Mattern, Friedemann, Series Editor, Mitchell, John C., Series Editor, Naor, Moni, Series Editor, Pandu Rangan, C., Series Editor, Steffen, Bernhard, Series Editor, Terzopoulos, Demetri, Series Editor, Tygar, Doug, Series Editor, Weikum, Gerhard, Series Editor, Lopez, Javier, editor, Zhou, Jianying, editor, and Soriano, Miguel, editor

Published
2018
Full Text
View/download PDF

11. CFI: Type-Assisted Control Flow Integrity for x86-64 Binaries

Author

Muntean, Paul, Fischer, Matthias, Tan, Gang, Lin, Zhiqiang, Grossklags, Jens, Eckert, Claudia, Hutchison, David, Series Editor, Kanade, Takeo, Series Editor, Kittler, Josef, Series Editor, Kleinberg, Jon M., Series Editor, Mattern, Friedemann, Series Editor, Mitchell, John C., Series Editor, Naor, Moni, Series Editor, Pandu Rangan, C., Series Editor, Steffen, Bernhard, Series Editor, Terzopoulos, Demetri, Series Editor, Tygar, Doug, Series Editor, Weikum, Gerhard, Series Editor, Bailey, Michael, editor, Holz, Thorsten, editor, Stamatogiannakis, Manolis, editor, and Ioannidis, Sotiris, editor

Published
2018
Full Text
View/download PDF

12. Automated Generation of Buffer Overflow Quick Fixes Using Symbolic Execution and SMT

Author

Muntean, Paul, Kommanapalli, Vasantha, Ibing, Andreas, Eckert, Claudia, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, Koornneef, Floor, editor, and van Gulijk, Coen, editor

Published
2015
Full Text
View/download PDF

16. Learning Effects in Air Displacement Plethysmography.

Author

Muntean, Paul, Popa, Anca, Miclos-Balica, Monica, Schick, Falk, Munteanu, Oana, Pupazan, Vasile, Neagu, Adrian, and Neagu, Monica

Subjects
*RANDOM effects model, *PLETHYSMOGRAPHY, *MEASUREMENT errors, *INTRACLASS correlation, *TRIAL practice, *STATISTICAL reliability
Abstract

Air displacement plethysmography (ADP) is a widespread technique for assessing global obesity in both health and disease. The reliability of ADP has been demonstrated by studies focused on duplicate trials. The present study was purported to evaluate learning effects on the reliability of body composition assessment using the BOD POD system, the sole commercially available ADP instrument. To this end, quadruplicate trials were performed on a group of 105 subjects (51 women and 54 men). We estimated measurement error from pairs of consecutive trials—(1,2), (2,3), and (3,4)—to test the hypothesis that early measurements are subject to larger errors. Indeed, statistical analysis revealed that measures of reliability inferred from the first two trials were inferior to those computed for the other pairs of contiguous trials: for percent body fat (%BF), the standard error of measurement (SEM) was 1.04% for pair (1,2), 0.71% for pair (2,3), and 0.66% for pair (3,4); the two-way random effects model intraclass correlation coefficient (ICC) was 0.991 for pair (1,2), and 0.996 for pairs (2,3) and (3,4). Our findings suggest that, at least for novice subjects, the first ADP test should be regarded as a practice trial. When the remaining trials were pooled together, the reliability indices of single ADP tests were the following: ICC = 0.996, SEM = 0.70%, and minimum detectable change (MDC) = 1.93% for %BF, and ICC = 0.999, SEM = 0.49 kg, and MDC = 1.35 kg for fat-free mass (FFM). Thus, the present study pleads for eliminating learning effects to further increase the reliability of ADP. [ABSTRACT FROM AUTHOR]

Published
2023
Full Text
View/download PDF

22. Abwehr von fortgeschrittenen Code Wiederverwendung Angriffen

Author

Muntean, Paul Ioan, Eckert, Claudia (Prof. Dr.), and Lin, Zhiqiang (Prof. Dr.)

Subjects
ddc:020, Bibliotheks- und Informationswissenschaften, Source code, LLVM, symbolic analysis, static source code analysis, Dynamische Analyse, Quellcode, LLVM, Symbolische Analyse, Statische Quellcode Analyse, Dynamische Analyse
Abstract

This work deals with the mitigation of advanced code reuse attacks by first providing techniques to statically analyze source code in order to find software faults and then provides techniques to automatically generate code repairs. Further, this work proposes dynamic analysis methods based on compiler software hardening used for mitigating advanced code reuse attacks during runtime. Lastly, the results presented in this work have been published in top tier security conferences and journals. Diese Arbeit befasst sich mit der Abschwächung fortgeschrittener Code Wiederverwendung Angriffe, indem zunächst Techniken zur statischen Analyse des Quellcodes bereitgestellt werden, um Softwarefehler zu finden, und anschließend Techniken zur automatischen Generierung von Codereparaturen bereitgestellt werden. Darüber hinaus werden dynamische Analysemethoden vorgeschlagen, die auf der Härtung von Software basieren und zur Minderung Code Wiederverwendung Angriffe verwendet werden.

Published
2021

23. Mitigation of Advanced Code Reuse Attacks

Author

Eckert, Claudia (Prof. Dr.), Lin, Zhiqiang (Prof. Dr.), Muntean, Paul Ioan, Eckert, Claudia (Prof. Dr.), Lin, Zhiqiang (Prof. Dr.), and Muntean, Paul Ioan

Abstract

This work deals with the mitigation of advanced code reuse attacks by first providing techniques to statically analyze source code in order to find software faults and then provides techniques to automatically generate code repairs. Further, this work proposes dynamic analysis methods based on compiler software hardening used for mitigating advanced code reuse attacks during runtime. Lastly, the results presented in this work have been published in top tier security conferences and journals., Diese Arbeit befasst sich mit der Abschwächung fortgeschrittener Code Wiederverwendung Angriffe, indem zunächst Techniken zur statischen Analyse des Quellcodes bereitgestellt werden, um Softwarefehler zu finden, und anschließend Techniken zur automatischen Generierung von Codereparaturen bereitgestellt werden. Darüber hinaus werden dynamische Analysemethoden vorgeschlagen, die auf der Härtung von Software basieren und zur Minderung Code Wiederverwendung Angriffe verwendet werden.

Published
2021

28. <sc>IntRepair</sc>: Informed Repairing of Integer Overflows

Author

Muntean, Paul, Monperrus, Martin, Sun, Hao, Grossklags, Jens, and Eckert, Claudia

Abstract

Integer overflows have threatened software applications for decades. Thus, in this paper, we propose a novel technique to provide automatic repairs of integer overflows in C source code. Our technique, based on static symbolic execution, fuses detection, repair generation and validation. This technique is implemented in a prototype named IntRepair. We applied IntRepair to 2,052 C programs (approx. 1 million lines of code) contained in SAMATE's Juliet test suite and 50 synthesized programs that range up to 20 KLOC. Our experimental results show that IntRepair is able to effectively detect integer overflows and successfully repair them, while only increasing the source code (LOC) and binary (Kb) size by around 1 percent, respectively. Further, we present the results of a user study with 30 participants which shows that IntRepair repairs are more than 10x efficient as compared to manually generated code repairs.

Published
2021
Full Text
View/download PDF

32. THE ROLE OF AIR DISPLACEMENT PLETHYSMOGRAPHY AND ABDOMINAL ULTRASOUND IN ASSESSING BODY FAT: A PILOT STUDY OF CORRELATION WITH BODY MASS INDEX.

Author

Muntean, Paul Sebastian, Micloș-Balica, Monica, Pupăzan, Vasile, Neagu, Monica, and Neagu, Adrian

Subjects
*BODY composition, *BODY mass index, *ABDOMINAL adipose tissue, *PLETHYSMOGRAPHY, *PILOT projects
Abstract

Obesity is a pathological condition with an alarming increase in prevalence worldwide that contribute to the global burden of chronic diseases. Body mass index (BMI), albeit currently used in clinical practice to diagnose obesity in adults, is a simple, age and sex-independent weight-for-height index, but it does not provide information on fatness. Measurement of body fat is nowadays mandatory since adiposity (as opposed to BMI) determines the cardiometabolic risk. The present study was double aimed: i) to assess the body fat percentage (BF%) via the air displacement plethysmography (ADP) and the abdominal subcutaneous adipose tissue (SAT) via the A-mode ultrasound (US) and ii) to assess their correlations with the BMI. For each patient, three ADP tests and three US measurements of the SAT layer thickness were taken. The median of the recorded values as the result of a triplicate assessment was used for computation. A number of 43 obese patients were included in our study (19 men and 24 women). BMI was 35.2±4.5 kg/m2 (mean±SD), ranging from 30.4 to 47.9 kg/m2, whereas BF% was 42.4±6.8 %, ranging from 28.4 to 56.4 %. The coefficient of determination (R2) for BF% vs. BMI was 0.52 for men and 0.39 for women. As for abdominal SAT thickness vs. BMI, R2 was 0.67 for men and 0.27 for women. In conclusion, especially in women, BMI is a poor indicator of body adiposity assessed by two independent methods. [ABSTRACT FROM AUTHOR]

Published
2019

Catalog

Books, media, physical & digital resources
See catalog results