Stijn Volckaert

GitHub Profile Scholar Profile

Biography

I am an Associate Professor in the DistriNet research group at KU Leuven's - Campus in Ghent, Belgium. I teach computer science classes, lead a small team of computer security researchers, and I am the master thesis coordinator for the Electronics and ICT Engineering Technology program.

From December 2015 until July 2018, I was a Postdoctoral Scholar in Professor Michael Franz's Secure Systems Lab lab at the Donald Bren School of Information and Computer Science at UC Irvine.

I obtained my PhD degree from Ghent University, Belgium in 2015 under the supervision of Professors Bjorn De Sutter and Koen De Bosschere. In my PhD dissertation, I proposed new techniques to improve the security, performance and applicability of Multi-Variant Execution systems. I was funded by the Agency for Innovation by Science and Technology. ReMon/GHUMVEE, the Multi-Variant Execution system I built during my research is available on GitHub.

My dissertation was awarded the IBM Innovation Award 2016 for an outstanding PhD thesis in Computer Science.

During my time at Ghent University, I was a teaching assistant for the Compilers and Computer Architecture classes. I also co-organized, presented, and designed many of the hacking challenges for the Ethical Hacking Workshops we offered to the Computer Science and Informatics students.

Beside my academic carreer, I also have a couple of cool gaming side-projects!

Research

My research interests include:

Publications

Swipe Left for Identity Theft: An Analysis of User Data Privacy Risks on Location-based Dating Apps.
Karel Dhondt, Victor Le Pochat, Yana Dimova, Wouter Joosen, and Stijn Volckaert.
In USENIX Security Symposium (SEC'24).
Accepted. Publication embargo ends on 14 AUG 2024

A run a day won't keep the hacker away: Inference Attacks on Endpoint Privacy Zones in Fitness Tracking Social Networks
Karel Dhondt, Victor Le Pochat, Alexios Voulimeneas, Wouter Joosen, and Stijn Volckaert.
In Conference on Computer and Communications Security (CCS'22).
[Acceptance Rate: 218/971=22.5%]

Sharing is Caring: Secure and Efficient Shared Memory Support for MVEEs
Jonas Vinck, Bert Abrath, Bart Coppens, Alexios Voulimeneas, Bjorn De Sutter, and Stijn Volckaert.
In European Conference on Computer Systems (EuroSys'22).
[Acceptance Rate: 45/162=27.78%]

You Shall Not (by)Pass! Practical, Secure, and Fast PKU-based Sandboxing
Alexios Voulimeneas, Jonas Vinck, Ruben Mechelinck, and Stijn Volckaert.
In European Conference on Computer Systems (EuroSys'22).
[Acceptance Rate: 45/162=27.78%]

PKRU-Safe: Automatically Locking Down the Heap Between Safe and Unsafe Languages
Paul Kirth, Mitchel Dickerson, Stephen Crane, Per Larsen, Adrian Dabrowski, David Gens, Yeoul Na, Stijn Volckaert, and Michael Franz.
In European Conference on Computer Systems (EuroSys'22).
[Acceptance Rate: 45/162=27.78%]
[Best Paper Award!]

dMVX: Secure and Efficient Multi-Variant Execution in a Distributed Setting
Alexios Voulimeneas, Dokyung Song, Per Larsen, Michael Franz, and Stijn Volckaert.
In European Workshop on Systems Security (EuroSec'21).

CoDaRR: Continuous Data Space Randomization against Data-Only Attacks
Prabhu Rajasekaran, Stephen Crane, David Gens, Yeoul Na, Stijn Volckaert, and Michael Franz.
In ACM Asia Conference on Computer and Communications Security (AsiaCCS'20).
[Acceptance Rate: 67/308=21.75%]

Distributed Heterogeneous N-Variant Execution
Alexios Voulimeneas, Dokyung Song, Fabian Parzefall, Yeoul Na, Per Larsen, Michael Franz, and Stijn Volckaert.
In Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA'20).
[Acceptance Rate: 13/50=26%]

BinRec: Dynamic Binary Lifting and Recompilation - The Best Thing Since Sliced Binaries
Anil Altinay, Joe Nash, Taddeus Kroes, Prabhu Rajasekaran, Dixin Zhou, Adrian Dabrowski, David Gens, Yeoul Na, Stijn Volckaert, Cristiano Giuffrida, Herbert Bos, and Michael Franz.
In European Conference on Computer Systems (EuroSys'20).
[Acceptance Rate: 43/234=18.38%]

NoJITsu: Locking Down JavaScript Engines
Taemin Park, Karel Dhondt, David Gens, Yeoul Na, Stijn Volckaert, and Michael Franz.
In Network and Distributed System Security Symposium (NDSS'20).
[Acceptance Rate: 88/506=17.39%]

KALD: Detecting Direct Pointer Disclosure Vulnerabilities
Brian Belleville, Wenbo Shen, Stijn Volckaert, Ahmed M. Azab, and Michael Franz.
In IEEE Transactions on Dependable and Secure Computing (2019).
[Impact Factor: 4.410]

SoK: Sanitizing for Security
Dokyung Song, Julian Lettner, Prabhu Rajasekaran, Yeoul Na, Stijn Volckaert, Per Larsen, and Michael Franz.
In IEEE Symposium on Security and Privacy (S&P'19).
[Acceptance Rate: 84/673=12.48%]

PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary
Dokyung Song, Felicitas Hetzelt, Dipanjan Das, Chad Spensky, Yeoul Na, Stijn Volckaert, Giovanni Vigna, Christopher Kruegel, Jean-Pierre Seifert, and Michael Franz.
In Network and Distributed System Security Symposium (NDSS'19).
[Acceptance Rate: 89/521=17.08%]

BinRec: Attack Surface Reduction Through Dynamic Binary Recovery
Taddeus Kroes, Anil Altinay, Joseph Nash, Yeoul Na, Stijn Volckaert, Herbert Bos, Michael Franz, and Cristiano Giuffrida.
In 2018 Workshop on Forming an Ecosystem Around Software Transformation (FEAST'18).

BinRec: Attack Surface Reduction Through Dynamic Binary Recovery
Taddeus Kroes, Anil Altinay, Joseph Nash, Yeoul Na, Stijn Volckaert, Herbert Bos, Michael Franz, and Cristiano Giuffrida.
In International Workshop on SoftwAre debLoating And Delayering (SALAD'18).

Hardware-Assisted Randomization of Data
Brian Belleville, Hyungon Moon, Jangseop Shin, Dongil Hwang, Joseph Nash, Seonhwa Jung, Yeoul Na, Stijn Volckaert, Per Larsen, Yunheung Paek, and Michael Franz.
In International Symposium on Research in Attacks, Intrusions and Defenses (RAID'18).
[Acceptance Rate: 33/145=22.76%]

PartiSan: Fast and Flexible Sanitization via Run-time Partitioning
Julian Lettner, Dokyung Song, Taemin Park, Stijn Volckaert, Per Larsen, and Michael Franz.
In International Symposium on Research in Attacks, Intrusions and Defenses (RAID'18).
[Acceptance Rate: 33/145=22.76%]

Bytecode Corruption Attacks Are Real - And How To Defend Against Them
Taemin Park, Julian Lettner, Yeoul Na, Stijn Volckaert, Michael Franz.
In International Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA'18).
[Acceptance Rate: 18/59=30.51%]

Accelerating Dynamically-Typed Languages on Heterogeneous Platforms Using Guards Optimization
Mohaned Qunaibit, Stefan Brunthaler, Yeoul Na, Stijn Volckaert, Michael Franz.
In 32nd European Conference on Object-Oriented Programming (ECOOP'18).

Multi-Variant Execution Environments
in "The Continuing Arms Race: Code-Reuse Attacks and Defenses"
Bart Coppens, Bjorn De Sutter, Stijn Volckaert.
Morgan & Claypool, 2018.

Venerable Variadic Vulnerabilities Vanquished
Priyam Biswas, Alessandro Di Federico, Scott A. Carr, Prabhu Rajasekaran, Stijn Volckaert, Yeoul Na, Michael Franz, and Mathias Payer.
In 26th USENIX Security Symposium (SEC'17), USENIX, 2017.
[Acceptance Rate: 85/522=16.28%]

Taming Parallelism in a Multi-Variant Execution Environment
Stijn Volckaert, Bart Coppens, Bjorn De Sutter, Koen De Bosschere, Per Larsen, and Michael Franz.
In 12th European Conference on Computer Systems (EuroSys'17), ACM, 2017.
[Acceptance Rate: 41/201=20.39%]

Tightly-coupled self-debugging software protection
Bert Abrath, Bart Coppens, Stijn Volckaert, Joris Wijnant, and Bjorn De Sutter.
In 6th Workshop on Software Security, Protection, and Reverse Engineering (SSPREW'16), ACM, 2016.

Composition Challenges for Automated Software Diversity
Benjamin Davis, Per Larsen, Stijn Volckaert, Simon Winwood, David Melski, Michael Franz, and Stephen Magill.
In 10th Layered Assurance Workshop (LAW'16), ACM, 2016.

Secure and Efficient Application Monitoring and Replication
Stijn Volckaert, Bart Coppens, Alexios Voulimeneas, Andrei Homescu, Per Larsen, Bjorn De Sutter, and Michael Franz.
In 2016 USENIX Annual Technical Conference (ATC'16), pages 167-179. USENIX, 2016.
[Acceptance Rate: 47/266=17.6%]

It's a TRaP: Table Randomization and Protection against Function-Reuse Attacks
Stephen Crane, Stijn Volckaert, Felix Schuster, Christopher Liebchen, Per Larsen, Lucas Davi, Ahmad-Reza Sadeghi, Thorsten Holz, Bjorn De Sutter, Michael Franz.
In Conference on Computer and Communications Security (CCS'15), pages 243-255. ACM, 2015.
[Acceptance Rate: 128/646=19.4%]

Advanced Techniques for Multi-Variant Execution
Stijn Volckaert.
PhD dissertation, Ghent University, 2015.

Cloning your Gadgets: Complete ROP Attack Immunity with Multi-Variant Execution
Stijn Volckaert, Bart Coppens, and Bjorn De Sutter.
In IEEE Transactions on Dependable and Secure Computing (Volume 13, Issue 4, July-Aug 2016).
[Impact Factor: 4.410]

Obfuscating Windows DLLs
Bert Abrath, Bart Coppens, Stijn Volckaert, and Bjorn De Sutter.
In 1st International Workshop on Software Protection (SPRO'15), IEEE, 2015.

GHUMVEE: Efficient, effective, and flexible replication
Stijn Volckaert, Bjorn De Sutter, Tim De Baets, and Koen De Bosschere.
In 5th International Symposium on Foundations and Practice of Security (FPS'12), pages 261-277. Springer, 2013.

DNS tunneling for network penetration
Daan Raman, Bjorn De Sutter, Bart Coppens, Stijn Volckaert, Koen De Bosschere, Pieter Danhieux, Erik Van Buggenhout.
In International Conference on Information Security and Cryptology (ICISC'12), pages 65-77. Springer, 2012.

Professional Activities

Program Committee Member

Journal Reviewer

External Reviewer

Teaching

Students

Current PhD Students

Current Master Thesis Students

Former Postdoctoral Scholars

Graduated Master Thesis Students

Other Activities

I am a member of the OldUnreal developer team where I lead the effort to maintain the code base of Unreal Tournament (99). OldUnreal is a group of game developers that maintains (with the permission of the original developers) and works on audio and video rendering enhancements for older Unreal Engine games.

I am also the creator and maintainer of Anti-Cheat Engine (ACE). ACE is a native cheat protection tool for several online games based on Unreal Engine. ACE monitors the integrity each player's in-memory game state and hardens the game's UnrealScript interpreter. Some integrity violations ACE detects include native code patches in game files and system libraries ("hooks"), import/export table patches, virtual function table patches, replacement of critical game objects, bytecode patches, suspicious accesses to critical data structures, ... ACE is/was a mandatory tool in most online gaming leagues that hosted competitions for Unreal Engine games, including ClanBase (now defunct), ESL, UTAssault, and Major League UT.

Open Positions

I currently have no open positions.