Biography
I am an Associate Professor in the DistriNet research group at KU Leuven's - Campus in Ghent, Belgium. I teach computer science classes, lead a small team of computer security researchers, and I am the Head of the Electronics and ICT Engineering Technology programme for campusses Bruges and Ghent, and the Master Thesis Coordinator for campus Ghent.
From December 2015 until July 2018, I was a Postdoctoral Scholar in Professor Michael Franz's Secure Systems Lab lab at the Donald Bren School of Information and Computer Science at UC Irvine.
I obtained my PhD degree from Ghent University, Belgium in 2015 under the supervision of Professors Bjorn De Sutter and Koen De Bosschere. In my PhD dissertation, I proposed new techniques to improve the security, performance and applicability of Multi-Variant Execution systems. I was funded by the Agency for Innovation by Science and Technology. ReMon/GHUMVEE, the Multi-Variant Execution system I built during my research is available on GitHub.
My dissertation was awarded the IBM Innovation Award 2016 for an outstanding PhD thesis in Computer Science.
During my time at Ghent University, I was a teaching assistant for the Compilers and Computer Architecture classes. I also co-organized, presented, and designed many of the hacking challenges for the Ethical Hacking Workshops we offered to the Computer Science and Informatics students.
Beside my academic career, I also have a couple of cool gaming side-projects!
Research
My research interests include:
- Systems security (software diversity, exploits, mitigations, multi-variant execution, safe programming languages)
- Online gaming (anti-cheat, runtime support, 3d rendering)
- Operating systems (kernel development, virtualization, debugging, record/replay, fault-tolerance, reliability)
- Software protection (obfuscation, anti-tampering, integrity checking, reverse engineering)
- Ethical Hacking
Publications
Moneta: Ex-Vivo GPU Driver Fuzzing by Recalling In-Vivo Execution States.
Joonkyo Jung, Jisoo Jang, Yongwan Jo, Jonas Vinck, Alexios Voulimeneas, Stijn Volckaert, Dokyung Song.
In Network and Distributed System Security Symposium (NDSS'25).
Accepted For Publication.
I’ll Be There for You! Perpetual Availability in the A^8 MVX System
André Rösti, Stijn Volckaert, Michael Franz, and Alexios Voulimeneas.
In Annual Computer Security Applications Conference (ACSAC'24).
Accepted For Publication.
Not Quite Write: On the Effectiveness of Store-Only Bounds Checking
Adriaan Jacobs and Stijn Volckaert.
In USENIX WOOT Conference on Offensive Technologies (WOOT'24).
Swipe Left for Identity Theft: An Analysis of User Data Privacy Risks on Location-based Dating Apps
Karel Dhondt, Victor Le Pochat, Yana Dimova, Wouter Joosen, and Stijn Volckaert.
In USENIX Security Symposium (SEC'24).
[Acceptance Rate: 382/2176=17.56%]
Also presented at Black Hat USA 2024.
Gluezilla: Efficient and Scalable Software to Hardware Binding using Rowhammer
Ruben Mechelinck, Daniel Dorfmeister, Bernhard Fischer, Stijn Volckaert, and Stefan Brunthaler.
In Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA'24).
[Acceptance Rate: 28/110=25.45%]
System Call Interposition Without Compromise
Adriaan Jacobs, Merve Gülmez, Alicia Andries, Stijn Volckaert, and Alexios Voulimeneas.
In IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'24).
[Acceptance Rate: 42/204=21%]
A run a day won't keep the hacker away: Inference Attacks on Endpoint Privacy Zones in Fitness Tracking Social Networks
Karel Dhondt, Victor Le Pochat, Alexios Voulimeneas, Wouter Joosen, and Stijn Volckaert.
In Conference on Computer and Communications Security (CCS'22).
[Acceptance Rate: 218/971=22.5%]
Sharing is Caring: Secure and Efficient Shared Memory Support for MVEEs
Jonas Vinck, Bert Abrath, Bart Coppens, Alexios Voulimeneas, Bjorn De Sutter, and Stijn Volckaert.
In European Conference on Computer Systems (EuroSys'22).
[Acceptance Rate: 45/162=27.78%]
You Shall Not (by)Pass! Practical, Secure, and Fast PKU-based Sandboxing
Alexios Voulimeneas, Jonas Vinck, Ruben Mechelinck, and Stijn Volckaert.
In European Conference on Computer Systems (EuroSys'22).
[Acceptance Rate: 45/162=27.78%]
PKRU-Safe: Automatically Locking Down the Heap Between Safe and Unsafe Languages
Paul Kirth, Mitchel Dickerson, Stephen Crane, Per Larsen, Adrian Dabrowski, David Gens, Yeoul Na, Stijn Volckaert, and Michael Franz.
In European Conference on Computer Systems (EuroSys'22).
[Acceptance Rate: 45/162=27.78%]
[Best Paper Award!]
dMVX: Secure and Efficient Multi-Variant Execution in a Distributed Setting
Alexios Voulimeneas, Dokyung Song, Per Larsen, Michael Franz, and Stijn Volckaert.
In European Workshop on Systems Security (EuroSec'21).
CoDaRR: Continuous Data Space Randomization against Data-Only Attacks
Prabhu Rajasekaran, Stephen Crane, David Gens, Yeoul Na, Stijn Volckaert, and Michael Franz.
In ACM Asia Conference on Computer and Communications Security (AsiaCCS'20).
[Acceptance Rate: 67/308=21.75%]
Distributed Heterogeneous N-Variant Execution
Alexios Voulimeneas, Dokyung Song, Fabian Parzefall, Yeoul Na, Per Larsen, Michael Franz, and Stijn Volckaert.
In Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA'20).
[Acceptance Rate: 13/50=26%]
BinRec: Dynamic Binary Lifting and Recompilation - The Best Thing Since Sliced Binaries
Anil Altinay, Joe Nash, Taddeus Kroes, Prabhu Rajasekaran, Dixin Zhou, Adrian Dabrowski, David Gens, Yeoul Na, Stijn Volckaert, Cristiano Giuffrida, Herbert Bos, and Michael Franz.
In European Conference on Computer Systems (EuroSys'20).
[Acceptance Rate: 43/234=18.38%]
NoJITsu: Locking Down JavaScript Engines
Taemin Park, Karel Dhondt, David Gens, Yeoul Na, Stijn Volckaert, and Michael Franz.
In Network and Distributed System Security Symposium (NDSS'20).
[Acceptance Rate: 88/506=17.39%]
KALD: Detecting Direct Pointer Disclosure Vulnerabilities
Brian Belleville, Wenbo Shen, Stijn Volckaert, Ahmed M. Azab, and Michael Franz.
In IEEE Transactions on Dependable and Secure Computing (2019).
[Impact Factor: 4.410]
SoK: Sanitizing for Security
Dokyung Song, Julian Lettner, Prabhu Rajasekaran, Yeoul Na, Stijn Volckaert, Per Larsen, and Michael Franz.
In IEEE Symposium on Security and Privacy (S&P'19).
[Acceptance Rate: 84/673=12.48%]
PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary
Dokyung Song, Felicitas Hetzelt, Dipanjan Das, Chad Spensky, Yeoul Na, Stijn Volckaert, Giovanni Vigna, Christopher Kruegel, Jean-Pierre Seifert, and Michael Franz.
In Network and Distributed System Security Symposium (NDSS'19).
[Acceptance Rate: 89/521=17.08%]
BinRec: Attack Surface Reduction Through Dynamic Binary Recovery
Taddeus Kroes, Anil Altinay, Joseph Nash, Yeoul Na, Stijn Volckaert, Herbert Bos, Michael Franz, and Cristiano Giuffrida.
In 2018 Workshop on Forming an Ecosystem Around Software Transformation (FEAST'18).
BinRec: Attack Surface Reduction Through Dynamic Binary Recovery
Taddeus Kroes, Anil Altinay, Joseph Nash, Yeoul Na, Stijn Volckaert, Herbert Bos, Michael Franz, and Cristiano Giuffrida.
In International Workshop on SoftwAre debLoating And Delayering (SALAD'18).
Hardware-Assisted Randomization of Data
Brian Belleville, Hyungon Moon, Jangseop Shin, Dongil Hwang, Joseph Nash, Seonhwa Jung, Yeoul Na, Stijn Volckaert, Per Larsen, Yunheung Paek, and Michael Franz.
In International Symposium on Research in Attacks, Intrusions and Defenses (RAID'18).
[Acceptance Rate: 33/145=22.76%]
PartiSan: Fast and Flexible Sanitization via Run-time Partitioning
Julian Lettner, Dokyung Song, Taemin Park, Stijn Volckaert, Per Larsen, and Michael Franz.
In International Symposium on Research in Attacks, Intrusions and Defenses (RAID'18).
[Acceptance Rate: 33/145=22.76%]
Bytecode Corruption Attacks Are Real - And How To Defend Against Them
Taemin Park, Julian Lettner, Yeoul Na, Stijn Volckaert, Michael Franz.
In International Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA'18).
[Acceptance Rate: 18/59=30.51%]
Accelerating Dynamically-Typed Languages on Heterogeneous Platforms Using Guards Optimization
Mohaned Qunaibit, Stefan Brunthaler, Yeoul Na, Stijn Volckaert, Michael Franz.
In 32nd European Conference on Object-Oriented Programming (ECOOP'18).
Multi-Variant Execution Environments
in "The Continuing Arms Race: Code-Reuse Attacks and Defenses"
Bart Coppens, Bjorn De Sutter, Stijn Volckaert.
Morgan & Claypool, 2018.
Venerable Variadic Vulnerabilities Vanquished
Priyam Biswas, Alessandro Di Federico, Scott A. Carr, Prabhu Rajasekaran, Stijn Volckaert, Yeoul Na, Michael Franz, and Mathias Payer.
In 26th USENIX Security Symposium (SEC'17), USENIX, 2017.
[Acceptance Rate: 85/522=16.28%]
Taming Parallelism in a Multi-Variant Execution Environment
Stijn Volckaert, Bart Coppens, Bjorn De Sutter, Koen De Bosschere, Per Larsen, and Michael Franz.
In 12th European Conference on Computer Systems (EuroSys'17), ACM, 2017.
[Acceptance Rate: 41/201=20.39%]
Tightly-coupled self-debugging software protection
Bert Abrath, Bart Coppens, Stijn Volckaert, Joris Wijnant, and Bjorn De Sutter.
In 6th Workshop on Software Security, Protection, and Reverse Engineering (SSPREW'16), ACM, 2016.
Composition Challenges for Automated Software Diversity
Benjamin Davis, Per Larsen, Stijn Volckaert, Simon Winwood, David Melski, Michael Franz, and Stephen Magill.
In 10th Layered Assurance Workshop (LAW'16), ACM, 2016.
Secure and Efficient Application Monitoring and Replication
Stijn Volckaert, Bart Coppens, Alexios Voulimeneas, Andrei Homescu, Per Larsen, Bjorn De Sutter, and Michael Franz.
In 2016 USENIX Annual Technical Conference (ATC'16), pages 167-179. USENIX, 2016.
[Acceptance Rate: 47/266=17.6%]
It's a TRaP: Table Randomization and Protection against Function-Reuse Attacks
Stephen Crane, Stijn Volckaert, Felix Schuster, Christopher Liebchen, Per Larsen, Lucas Davi, Ahmad-Reza Sadeghi, Thorsten Holz, Bjorn De Sutter, Michael Franz.
In Conference on Computer and Communications Security (CCS'15), pages 243-255. ACM, 2015.
[Acceptance Rate: 128/646=19.4%]
Advanced Techniques for Multi-Variant Execution
Stijn Volckaert.
PhD dissertation, Ghent University, 2015.
Cloning your Gadgets: Complete ROP Attack Immunity with Multi-Variant Execution
Stijn Volckaert, Bart Coppens, and Bjorn De Sutter.
In IEEE Transactions on Dependable and Secure Computing (Volume 13, Issue 4, July-Aug 2016).
[Impact Factor: 4.410]
Obfuscating Windows DLLs
Bert Abrath, Bart Coppens, Stijn Volckaert, and Bjorn De Sutter.
In 1st International Workshop on Software Protection (SPRO'15), IEEE, 2015.
GHUMVEE: Efficient, effective, and flexible replication
Stijn Volckaert, Bjorn De Sutter, Tim De Baets, and Koen De Bosschere.
In 5th International Symposium on Foundations and Practice of Security (FPS'12), pages 261-277. Springer, 2013.
DNS tunneling for network penetration
Daan Raman, Bjorn De Sutter, Bart Coppens, Stijn Volckaert, Koen De Bosschere, Pieter Danhieux, Erik Van Buggenhout.
In International Conference on Information Security and Cryptology (ICISC'12), pages 65-77. Springer, 2012.
Professional Activities
Program Committee Member
- (EuroSec 2024) European Workshop on Systems Security
- (ICS 2024) Information Security Conference
- (EuroSys 2021, 2022) European Conference on Computer Systems
- (RAID 2019) International Symposium on Research in Attacks, Intrusions and Defenses
- (ICISS 2018, 2020, 2021, 2022) International Conference on Information Systems Security
- (TRUST 2016) International Conference on Trust and Trustworthy Computing
Journal Reviewer
- (TEVC) IEEE Transactions on Evolutionary Computation
- (J-CS) Journal of Computer Security
- (TOPS) ACM Transactions on Privacy and Security
- (S&P) IEEE Security and Privacy
- (TPDS) IEEE Transactions on Parallel and Distributed Systems
- (JISA) Elsevier Journal of Information Security and Applications
- (CSUR) ACM Computing Surveys
- (TIFS) IEEE Transactions on Information Forensics & Security
External Reviewer
- (WOOT 2017) USENIX Workshop on Offensive Technologies
- (ESSoS 2017) International Symposium on Engineering Secure Software and Systems
- (ACNS 2017) International Conference on Applied Cryptography and Network Security
- (SPRO 2016) International Workshop on Software PROtection
- (CCS 2016, 2018) ACM Conference on Computer and Communications Security
- (USENIX SEC 2016) USENIX Security Symposium
- (ICDCS 2016) IEEE International Conference on Distributed Computing Systems
- (IFIP SEC 2015) International Conference on ICT Systems Security and Privacy Protection
- (M-SCOPES 2013) International Workshop on Software and Compilers for Embedded Systems
Teaching
- [Since 2022] Operating Systems 2
- [Since 2021] Engineering Experience 2 - Electronics and ICT Engineering
- [Since 2020] Operating Systems 1
- [Since 2018] Secure Software and Hacking
- [2018-2022] Mobile App Development
Students
Current PhD Students
- Jonas Vinck (since 2019)
- Ruben Mechelinck (since 2019)
- Adriaan Jacobs (since 2021)
- Alicia Andries (Since 2022)
- Jonas Roels (Since 2024)
- Anton Schelfhout (Since 2024)
Current Master Thesis Students
- Vincent Vansant
- Ruben Sturm
- Victor Deforce
- Klaas Meersman
- Christiana Galani
- Yari Vanherpe
- Christoph Sanders
- Cedric Josse
- Robbe Hovaert
- Thibault Dekock
Graduated PhD Students
- Karel Dhondt. Dissertation Title: Analysis of Use Privacy in Online Location-Based Services. Graduation Date: April 2024.
Former Postdoctoral Scholars
- Alexios Voulimeneas (2020-2023, now at TU Delft)
Graduated Master Thesis Students
- Tibo Rigole (graduated 2018-2019)
- Jonas Tollenaere (graduated 2019-2020, co-supervised with Tony Wauters)
- Nisse Van Sinay (graduated 2019-2020)
- Adriaan Jacobs (graduated 2020-2021)
- Robbe Ipers (graduated 2020-2021)
- Victor Goeman (graduated 2020-2021, co-supervised with Jorn Lapon)
- Pieter Carlu (graduated 2020-2021, co-supervised with Jorn Lapon)
- Arne Hellin (graduated 2021-2022, co-supervised with Tony Wauters)
- Jerry Xiong (graduated 2021-2022, co-supervised with Tony Wauters)
- Bente Van Eeckhoudt (graduated 2021-2022)
- Tibo Verdonck (graduated 2021-2022)
- Lisa De Vuyst (graduated 2021-2022)
- Evelyn De Smet (graduated 2021-2022)
- Steven Impens (graduated 2022-2023)
- Wout Deleu (graduated 2022-2023)
- Arijn Borzo (graduated 2022-2023)
- Thomas Gruyaert (graduated 2022-2023)
- Anton Schelfhout (graduated 2023-2024)
- Niels Van Bossche (graduated 2023-2024, co-supervised with Tony Wauters)
- Jonas Roels (graduated 2023-2024, co-supervised with Tony Wauters)
- Brecht Van de Sijpe (graduated 2023-2024)
- Joffrey Van Cauwenberghe (graduated 2023-2024)
Other Activities
I am a member of the OldUnreal developer team where I lead the effort to maintain the code base of Unreal Tournament (99). OldUnreal is a group of game developers that maintains (with the permission of the original developers) and works on audio and video rendering enhancements for older Unreal Engine games.
I am also the creator and maintainer of Anti-Cheat Engine (ACE). ACE is a native cheat protection tool for several online games based on Unreal Engine. ACE monitors the integrity each player's in-memory game state and hardens the game's UnrealScript interpreter. Some integrity violations ACE detects include native code patches in game files and system libraries ("hooks"), import/export table patches, virtual function table patches, replacement of critical game objects, bytecode patches, suspicious accesses to critical data structures, ... ACE is/was a mandatory tool in most online gaming leagues that hosted competitions for Unreal Engine games, including ClanBase (now defunct), ESL, UTAssault, and Major League UT.