Stijn Volckaert

Download as .zip Download as .tar.gz View on GitHub


I am an Assistant Professor at DistriNet, KU Leuven - Technology Campus Ghent in Belgium.

From December 2015 until July 2018, I was a Postdoctoral Scholar in Professor Michael Franz's Secure Systems Lab lab at the Donald Bren School of Information and Computer Science at UC Irvine.

I obtained my PhD degree from Ghent University, Belgium in 2015 under the supervision of Professors Bjorn De Sutter and Koen De Bosschere. In my PhD dissertation, I proposed new techniques to improve the security, performance and applicability of Multi-Variant Execution systems. I was funded by the Agency for Innovation by Science and Technology. ReMon/GHUMVEE, the Multi-Variant Execution system I built during my research is available on GitHub.

My dissertation was awarded the IBM Innovation Award 2016 for an outstanding PhD thesis in Computer Science.


My research interests include:


SoK: Sanitizing for Security
Dokyung Song, Julian Lettner, Prabhu Rajasekaran, Yeoul Na, Stijn Volckaert, Per Larsen, and Michael Franz.
In IEEE Symposium on Security and Privacy (S&P'19).
Accepted. To Appear.

BinRec: Attack Surface Reduction Through Dynamic Binary Recovery
Taddeus Kroes, Anil Altinay, Joseph Nash, Yeoul Na, Stijn Volckaert, Herbert Bos, Michael Franz, and Cristiano Giuffrida.
In International Workshop on SoftwAre debLoating And Delayering (SALAD'18)
Accepted. To Appear.

Hardware-Assisted Randomization of Data
Brian Belleville, Hyungon Moon, Jangseop Shin, Dongil Hwang, Joseph Nash, Seonhwa Jung, Yeoul Na, Stijn Volckaert, Per Larsen, Yunheung Paek, and Michael Franz.
In International Symposium on Research in Attacks, Intrusions and Defenses (RAID'18).
Conditionally accepted. To Appear.
[Acceptance Rate: 33/145=22.76%]

PartiSan: Fast and Flexible Sanitization via Run-time Partitioning
Julian Lettner, Dokyung Song, Taemin Park, Stijn Volckaert, Per Larsen, and Michael Franz.
In International Symposium on Research in Attacks, Intrusions and Defenses (RAID'18).
Accepted. To Appear.
[Acceptance Rate: 33/145=22.76%]

Bytecode Corruption Attacks Are Real - And How To Defend Against Them
Taemin Park, Julian Lettner, Yeoul Na, Stijn Volckaert, Michael Franz.
In International Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA'18).
[Acceptance Rate: 18/59=30.51%]

Accelerating Dynamically-Typed Languages on Heterogeneous Platforms Using Guards Optimization
Mohaned Qunaibit, Stefan Brunthaler, Yeoul Na, Stijn Volckaert, Michael Franz.
In 32nd European Conference on Object-Oriented Programming (ECOOP'18).

Multi-Variant Execution Environments
in "The Continuing Arms Race: Code-Reuse Attacks and Defenses"
Bart Coppens, Bjorn De Sutter, Stijn Volckaert.
Morgan & Claypool, 2018.

Venerable Variadic Vulnerabilities Vanquished
Priyam Biswas, Alessandro Di Federico, Scott A. Carr, Prabhu Rajasekaran, Stijn Volckaert, Yeoul Na, Michael Franz, and Mathias Payer.
In 26th USENIX Security Symposium (SEC'17), USENIX, 2017.
[Acceptance Rate: 85/522=16.28%]

Taming Parallelism in a Multi-Variant Execution Environment
Stijn Volckaert, Bart Coppens, Bjorn De Sutter, Koen De Bosschere, Per Larsen, and Michael Franz.
In 12th European Conference on Computer Systems (EuroSys'17), ACM, 2017.
[Acceptance Rate: 41/201=20.39%]

Tightly-coupled self-debugging software protection
Bert Abrath, Bart Coppens, Stijn Volckaert, Joris Wijnant, and Bjorn De Sutter.
In 6th Workshop on Software Security, Protection, and Reverse Engineering (SSPREW'16), ACM, 2016.

Composition Challenges for Automated Software Diversity
Benjamin Davis, Per Larsen, Stijn Volckaert, Simon Winwood, David Melski, Michael Franz, and Stephen Magill.
In 10th Layered Assurance Workshop (LAW'16), ACM, 2016.

Secure and Efficient Application Monitoring and Replication
Stijn Volckaert, Bart Coppens, Alexios Voulimeneas, Andrei Homescu, Per Larsen, Bjorn De Sutter, and Michael Franz.
In 2016 USENIX Annual Technical Conference (ATC'16), pages 167-179. USENIX, 2016.
[Acceptance Rate: 47/266=17.6%]

It's a TRaP: Table Randomization and Protection against Function-Reuse Attacks
Stephen Crane, Stijn Volckaert, Felix Schuster, Christopher Liebchen, Per Larsen, Lucas Davi, Ahmad-Reza Sadeghi, Thorsten Holz, Bjorn De Sutter, Michael Franz.
In Conference on Computer and Communications Security (CCS'15), pages 243-255. ACM, 2015.
[Acceptance Rate: 128/646=19.4%]

Advanced Techniques for Multi-Variant Execution
Stijn Volckaert.
PhD dissertation, Ghent University, 2015.

Cloning your Gadgets: Complete ROP Attack Immunity with Multi-Variant Execution
Stijn Volckaert, Bart Coppens, and Bjorn De Sutter.
In IEEE Transactions on Dependable and Secure Computing (Volume 13, Issue 4, July-Aug 2016).
[Impact Factor: 1.592]

Obfuscating Windows DLLs
Bert Abrath, Bart Coppens, Stijn Volckaert, and Bjorn De Sutter.
In 1st International Workshop on Software Protection (SPRO'15), IEEE, 2015.

GHUMVEE: Efficient, effective, and flexible replication
Stijn Volckaert, Bjorn De Sutter, Tim De Baets, and Koen De Bosschere.
In 5th International Symposium on Foundations and Practice of Security (FPS'12), pages 261-277. Springer, 2013.

DNS tunneling for network penetration
Daan Raman, Bjorn De Sutter, Bart Coppens, Stijn Volckaert, Koen De Bosschere, Pieter Danhieux, Erik Van Buggenhout.
In International Conference on Information Security and Cryptology (ICISC'12), pages 65-77. Springer, 2012.

Professional Activities

Program Committee Member

Journal Reviewer

External Reviewer


Other Activities

I am the creator and maintainer of Anti-Cheat Engine for Unreal Engine (ACE). ACE is a non-signature based native cheat protection tool for several online games based on Unreal Engine. ACE monitors the integrity each player's in-memory game state and hardens the game's UnrealScript interpreter. Some integrity violations ACE detects include native code patches in game files and system libraries ("hooks"), import/export table patches, virtual function table patches, replacement of critical game objects, bytecode patches, suspicious accesses to critical data structures, ...

ACE is/was a mandatory tool in most online gaming leagues that hosted competitions for Unreal Engine games, including ClanBase (now defunct), ESL, UTAssault, and Major League UT.