I am a Postdoctoral Scholar in Professor Michael Franz's Secure Systems Lab lab at the Donald Bren School of Information and Computer Science at UC Irvine.
I obtained my PhD degree from Ghent University, Belgium in 2015 under the supervision of Professors Bjorn De Sutter and Koen De Bosschere. In my PhD dissertation, I proposed new techniques to improve the security, performance and applicability of Multi-Variant Execution systems. I was funded by the Agency for Innovation by Science and Technology. ReMon/GHUMVEE, the Multi-Variant Execution system I built during my research is available on GitHub.
My dissertation was awarded the IBM Innovation Award 2016 for an outstanding PhD thesis in Computer Science.
My research interests include:
- Information security (software diversity, exploits, mitigations, ...)
- Operating systems (kernel development, virtualization, debugging, record/replay, fault-tolerance, reliability)
- Software protection (obfuscation, anti-tampering, integrity checking, reverse engineering)
PartiSan: Fast and Flexible Sanitization via Run-time Partitioning
Julian Lettner, Dokyung Song, Taemin Park, Stijn Volckaert, Per Larsen, and Michael Franz.
arXiv preprint arXiv:1711.08108
Venerable Variadic Vulnerabilities Vanquished
Priyam Biswas, Alessandro Di Federico, Scott A. Carr, Prabhu Rajasekaran, Stijn Volckaert, Yeoul Na, Michael Franz, and Mathias Payer.
In 26th USENIX Security Symposium (SEC'17), USENIX, 2017.
[Acceptance Rate: 85/522=16.28%]
Taming Parallelism in a Multi-Variant Execution Environment
Stijn Volckaert, Bart Coppens, Bjorn De Sutter, Koen De Bosschere, Per Larsen, and Michael Franz.
In 12th European Conference on Computer Systems (EuroSys'17), ACM, 2017.
[Acceptance Rate: 41/201=20.39%]
Tightly-coupled self-debugging software protection
Bert Abrath, Bart Coppens, Stijn Volckaert, Joris Wijnant, and Bjorn De Sutter.
In 6th Workshop on Software Security, Protection, and Reverse Engineering (SSPREW'16), ACM, 2016.
Composition Challenges for Automated Software Diversity
Benjamin Davis, Per Larsen, Stijn Volckaert, Simon Winwood, David Melski, Michael Franz, and Stephen Magill.
In 10th Layered Assurance Workshop (LAW'16), ACM, 2016.
Secure and Efficient Application Monitoring and Replication
Stijn Volckaert, Bart Coppens, Alexios Voulimeneas, Andrei Homescu, Per Larsen, Bjorn De Sutter, and Michael Franz.
In 2016 USENIX Annual Technical Conference (ATC'16), pages 167-179. USENIX, 2016.
[Acceptance Rate: 47/266=17.6%]
It's a TRaP: Table Randomization and Protection against Function-Reuse Attacks
Stephen Crane, Stijn Volckaert, Felix Schuster, Christopher Liebchen, Per Larsen, Lucas Davi, Ahmad-Reza Sadeghi, Thorsten Holz, Bjorn De Sutter, Michael Franz.
In Conference on Computer and Communications Security (CCS'15), pages 243-255. ACM, 2015.
[Acceptance Rate: 128/646=19.4%]
Advanced Techniques for Multi-Variant Execution
PhD dissertation, Ghent University, 2015.
Cloning your Gadgets: Complete ROP Attack Immunity with Multi-Variant Execution
Stijn Volckaert, Bart Coppens, and Bjorn De Sutter.
In IEEE Transactions on Dependable and Secure Computing (Volume 13, Issue 4, July-Aug 2016).
[Impact Factor: 1.592]
GHUMVEE: Efficient, effective, and flexible replication
Stijn Volckaert, Bjorn De Sutter, Tim De Baets, and Koen De Bosschere.
In 5th International Symposium on Foundations and Practice of Security (FPS'12), pages 261-277. Springer, 2013.
DNS tunneling for network penetration
Daan Raman, Bjorn De Sutter, Bart Coppens, Stijn Volckaert, Koen De Bosschere, Pieter Danhieux, Erik Van Buggenhout.
In International Conference on Information Security and Cryptology (ICISC'12), pages 65-77. Springer, 2012.
Program Committee Member
- (TRUST 2016) International Conference on Trust and Trustworthy Computing
- (S&P) IEEE Security and Privacy
- (TPDS) IEEE Transactions on Parallel and Distributed Systems
- (CSUR) ACM Computing Surveys
- (WOOT 2017) USENIX Workshop on Offensive Technologies
- (ESSoS 2017) International Symposium on Engineering Secure Software and Systems
- (ACNS 2017) International Conference on Applied Cryptography and Network Security
- (SPRO 2016) International Workshop on Software PROtection
- (CCS 2016) ACM Conference on Computer and Communications Security
- (USENIX SEC 2016) USENIX Security Symposium
- (ICDCS 2016) IEEE International Conference on Distributed Computing Systems
- (IFIP SEC 2015) International Conference on ICT Systems Security and Privacy Protection
- (M-SCOPES 2013) International Workshop on Software and Compilers for Embedded Systems
- (ISSISP 2011) International Summer School on Information Security and Protection
I am the creator and maintainer of Anti-Cheat Engine for Unreal Engine (ACE). ACE is a non-signature based native cheat protection tool for several online games based on Unreal Engine. ACE monitors the integrity each player's in-memory game state and hardens the game's UnrealScript interpreter. Some integrity violations ACE detects include native code patches in game files and system libraries ("hooks"), import/export table patches, virtual function table patches, replacement of critical game objects, bytecode patches, suspicious accesses to critical data structures, ...
ACE is/was a mandatory tool in most online gaming leagues that hosted competitions for Unreal Engine games, including ClanBase (now defunct), ESL, UTAssault, and Major League UT.