Stelios Sidiroglou-Douskos Homepage
`
`http://people.csail.mit.edu/stelios/
`
`Research Scientist
`MIT, Computer Science and Artificial Intelligence
`Laboratory
`
`Ph.D. 2008, Columbia University
`M.Phil. 2006, Columbia University
`M.Sc. 2003, Columbia University
` The Stata Center, Building 32-G728
`32 Vassar St, Cambridge, MA 02139
` stelios at csail dot mit dot edu
`
`Stelios is a research scientist in the Computer
`Science and Artificial Intelligence Laboratory at
`MIT in Cambridge, MA. He is also a member of
`the Center for Reliable Software CRS. His
`technical interests are in systems security,
`software reliability, software engineering and
`"unsound" computation.
`He is also a co-founder of Locu, Inc. ( Acquired
`by GoDaddy )
`
`Link to Google Scholar page.
`
`Our paper "Control Jujutsu: On the
`Weaknesses of Fine-Grained Control Flow
`Integrity" was accepted at CCS 2015
`
`Our paper "Automatic Error Elimination by
`Multi-Application Code Transfer" was
`accepted at PLDI 2015 [MIT NEWS]
`
`Our paper "Missing the Point: On the
`Effectiveness of Code Pointer Integrity"was
`accepted at Oakland 2015
`
`Our paper "Automatic Integer Overflow
`Discovery Using Goal-Directed Conditional
`Branch Enforcement" was accepted at
`ASPLOS 2015
`
`Our paper "Principled Sampling for Anomaly
`Detection" was accepted at NDSS 2015
`
`My research interests span the areas of systems, security and programming languages. In particular,
`I investigate ways in which software can be pushed to operate beyond its prescribed use to provide
`innovative solutions such as self-healing software, collaborative application communities and energy-
`
`1 of 8
`
`10/7/2015 2:39 AM
`
`Columbia Ex 2032-1
`Symantec v Columbia
`IPR2015-00375
`
`

`
`Stelios Sidiroglou-Douskos Homepage
`
`http://people.csail.mit.edu/stelios/
`
`conscious computing. The motivation for this research is that today’s software systems are exploding
`in size and complexity, resulting in security vulnerabilities and pathological performance
`characteristics. Fortunately, complexity has a significant fringe benefit that can be used to combat
`these problems: software elasticity or the ability of a program to operate outside its intended use.
`Software elasticity is founded on the observation that as software grows in complexity so does its
`ability to tolerate unexpected events such as induced errors or reduced accuracy. In previous work, I
`used the concept of software elasticity to develop systems that can automatically heal themselves
`from a variety of faults. Recently, I have used software elasticity to create systems that can
`dynamically trade off accuracy for reliability, performance and power. In the future, the focus of my
`research will be on solving traditionally hard problems by challenging conventional assumptions.
`Secure Cloud Computing Systems
`Modern cloud computing systems offer unprecedented computational resources and flexibility in
`allocating those resources to a variety of users and tasks. But cloud computing systems also provide
`attackers with new opportunities and can amplify the ability of the attacker to compromise the
`computing infrastructure.
`
`The Cloud Intrusion Detection and Repair project is developing a system that observes normal
`interactions during the secure operation of the cloud to derive properties that characterize this secure
`operation. If any part of the cloud subsequently attempts to violate these properties, the system
`intervenes and changes the interaction (by, for example, adding or removing operations or changing
`the parameters that appear in operations) to ensure that the cloud executes securely and survives
`the attack while continuing to provide uninterrupted service to legitimate users.
`
`This project is currently funded under the DARPA Mission-Oriented Resilient Clouds (MRC) program.
`MIT is the sole performer.
`Input Rectification
`Applications are typically able to process the vast majority of inputs securely. Attacks usually succeed
`because they contain an atypical feature that the application does not process correctly. Our input
`rectification research observes inputs that the application processes correctly to derive a model (in
`the form of constraints over input fields) of the "comfort zone" of the application (the set of inputs that
`the application can process successfully). When it encounters an input that is outside the comfort
`zone, the rectifier uses the model to change the input to move the input into the comfort zone of the
`application. Our results show that this technique eliminates security vulnerabilities in a range of
`applications, leaves the overwhelming majority of safe inputs unchanged, and preserves much of the
`useful information in modified atypical inputs.
`Code Perforation
`Many modern computations (such as video and audio encoders, Monte Carlo simulations, and
`machine learning algorithms) are designed to trade off accuracy in return for increased performance.
`
`2 of 8
`
`10/7/2015 2:39 AM
`
`Columbia Ex 2032-2
`Symantec v Columbia
`IPR2015-00375
`
`

`
`Stelios Sidiroglou-Douskos Homepage
`
`http://people.csail.mit.edu/stelios/
`
`To date, such computations typically use ad-hoc, domain-specific techniques developed specifically
`for the computation at hand. Our research explores a new general technique, Code Perforation, for
`automatically augmenting existing computations with the capability of trading off accuracy in return
`for performance. In contrast to existing approaches, which typically require the manual development
`of new algorithms, our implemented SpeedPress compiler can automatically apply code perforation
`to existing computations with no developer intervention whatsoever. The result is a transformed
`computation that can respond almost immediately to a range of increased performance demands
`while keeping any resulting output distortion within acceptable user-defined bounds.
`
`Press on CodePhage
`
`MIT News
`Slashdot
`Hacker News
`The Register
`Gizmodo
`Fortune
`Gizmag
`ComputerWorld
`
`Locu acquired by GoDaddy:
`
`Acquired by GoDaddy
`
`Press on our Secure Cloud Computing Systems work:
`
`Agence France-Press(AFP)
`
`Some press on our software self-healing work:
`
`MIT News
`MIT Technology Review
`Slashdot
`
`Some press on our Code Perforation work:
`
`MIT News
`
`1.
`
`2015
`[CCS] "Control Jujutsu: On the Weaknesses of Fine-Grained Control Flow Integrity"
`Isaac Evans, Fan Long, Ulziibayar Otgonbaatar, Howard Shrobe, Martin Rinard, Hamed Okhravi, Stelios Sidiroglou-
`Douskos . CCS 2015
`
`2.
`
`[HPEC] "Program Fracture and Recombination for Efficient Automatic Code Reuse"
`Peter Amidon, Eli Davis, Stelios Sidiroglou-Douskos , Martin Rinard. HPEC 2015
`
`3.
`
`[PLDI] "Automatic Error Elimination by Multi-Application Code Transfer"
`Stelios Sidiroglou-Douskos , Eric Lahtinen, Fan Long, Martin Rinard. PLDI 2015
`
`3 of 8
`
`10/7/2015 2:39 AM
`
`Columbia Ex 2032-3
`Symantec v Columbia
`IPR2015-00375
`
`

`
`Stelios Sidiroglou-Douskos Homepage
`
`http://people.csail.mit.edu/stelios/
`
`4.
`
`[Oakland] "Missing the Point: On the Effectiveness of Code Pointer Integrity"
`Isaac Evans, Samuel Fingeret, Julian Gonzalez, Ulziibayar Otgonbaatar, Tiffany Tang, Howard Shrobe, Stelios
`Sidiroglou-Douskos , Martin Rinard, Hamed Okhravi. Oakland 2015
`
`5.
`
`[ASPLOS] "Automatic Integer Overflow Discovery Using Goal-Directed Conditional Branch Enforcement"
`Stelios Sidiroglou , Eric Lahtinen, Nathan Rittenhouse, Paolo Piselli, Fan Long, Doekhwan Kim, Martin Rinard.
`ASPLOS 2015
`
`6.
`
`[NDSS] "Principled Sampling for Anomaly Detection"
`Brendan Juba, Christopher Musco, Fan Long, Stelios Sidiroglou , Martin Rinard. NDSS 2014.
`
`2014
`[USPTO] "Automatic Correction of Program Logic"
`th
`Jeff Perkins, Stelios Sidiroglou , Martin Rinard, et al. . U.S. Patent Number 8788884. Issued on June 7 , 2012.
`
`7.
`
`8.
`
`[PLDI] "Automatic Runtime Error Repair and Containment via Recovery Shepherding"
`Fan Long, Stelios Sidiroglou , Martin Rinard. PLDI 2014.
`
`9.
`
`[POPL] "Sound Input Filter Generation for Integer Overflow Errors"
`Fan Long, Stelios Sidiroglou , Deokhwan Kim, Martin Rinard. POPL 2014.
`
`2013
`
`10.
`
`[CASCON] "A Source-to-Source Transformation Tool for Error Fixing"
`Your Khmelevsky, Martin Rinard, Stelios Sidiroglou. CASCON 2013 Toronto, Canada, November 2013
`
`11.
`
`[USPTO] "Methods, systems, and media for detecting covert malware"
`Brian M. Bowen, Pratap V. Prabhu, Vasileios P. Kemerlis, Stelios Sidiroglou , Salvatore J. Stolfo, and Angelos D.
`Keromytis. U.S. Patent Number 8,528,091. Issued on September 3rd, 2013.
`
`12.
`
`[USPTO] "Systems, methods, and media protecting a digital data processing device from attack"
`Stelios Sidiroglou , Angelos D. Keromytis, and Salvatore J. Stolfo U.S. Patent Number 8,407,785. Issued on March
`26th, 2013.
`
`2012
`
`13.
`
`[RACES'12] "Dancing with Uncertainty"
`Sasa Misailovic, Stelios Sidiroglou and Martin Rinard
`In the Proceedings of the SPLASH 2012 Workshop on Relaxing Synchronization for Multicore and Manycore Scalability
`June 2012, Zurich, Switzerland.
`
`14.
`
`[ICSE'12] "Automatic Input Rectification"
`Fan Long, Vijay Ganesh, Michael Carbin, Stelios Sidiroglou and Martin Rinard
`th
`In the Proceedings of the 34 International Conference on Software Engineering.
`June 2012, Zurich, Switzerland.
`
`15.
`
`[USPTO] "Methods, media and systems for detecting anomalous program executions"
`Salvatore J. Stolfo, Angelos D. Keromytis and Stelios Sidiroglou , . U.S. Patent Number 8,074,115. Issued on
`th
`January 7 , 2012.
`
`2011
`
`16.
`
`[FSE'11] "Managing Performance vs. Accuracy Trade-offs With Loop Perforation"
`
`4 of 8
`
`10/7/2015 2:39 AM
`
`Columbia Ex 2032-4
`Symantec v Columbia
`IPR2015-00375
`
`

`
`Stelios Sidiroglou-Douskos Homepage
`
`http://people.csail.mit.edu/stelios/
`
`Stelios Sidiroglou, Sasa Misailovic, Henry Hoffman, Martin Rinard
`In the ACM SIGSOFT Symposium on the Foundations of Software Engineering.
`September 2011, Szeged, Hungary.
`
`17.
`
`[ASPLOS'11] "Dynamic Knobs for Power-Aware Computing"
`Stelios Sidiroglou, Henry Hoffman, Stelios Sidiroglou, Michael Carbin, Sasa Misailovic, Anant Agarwal and Martin
`Rinard
`th
`In the Proceedings of the 15 International Conference on Architectural Support for Programming Languages and
`Operating Systems (ASPLOS).
`March 2011, Newport beach, CA, USA
`
`18.
`
`[USPTO] "Methods, systems and media for software self-healing"
`Michael E. Locasto, Angelos D. Keromytis, Salvatore J. Stolfo, Angelos Stavrou, Gabriela Cretu, Stelios Sidiroglou,
`th
`Jason Nieh, and Oren Laadan. U.S. Patent Number 7,962,798. Issued on June 14 , 2011.
`
`19.
`
`[USPTO] "Systems and methods for detecting and inhibiting attacks using honeypots"
`Stelios Sidiroglou , Angelos D. Keromytis, and Kostas G. Anagnostakis. U.S. Patent Number 7,904,959. Issued on
`th
`March 8 , 2011.
`
`2010
`
`20.
`
`[ICISC'10] "An Adversarial Evaluation of Network Signaling and Control Mechanisms"
`Kangkook Jee, Stelios Sidiroglou, Angelos Stavrou, Angelos D. Keromytis
`th
`In the Proceedings of the 13 International Conference on Information Security and Cryptology (ICISC).
`December 2010, Seoul,Korea
`
`21.
`
`[ONWARD'10] Patterns and Statistical Analysis for Understanding Reduced Resource Computing
`Martin Rinard, Sasa Misailovic, Hank Hoffman and Stelios Sidiroglou,
`In the Proceedings of the Onward! 2010 Conference
`October 2010, Reno-Tahoe, Nevada, USA.
`
`22.
`
`[RAID '10] "BotSwindler: Tamper Resistant Injection of Believable Decoys in VM-Based Hosts for Crimeware
`Detection"
`Brian M. Bower, Pratap Prabhu, Vasileios P. Kemerlis, Stelios Sidiroglou, Angelos D. Keromytis and Salvatore J.
`Stolfo
`th
`In the Proceedings of the 13 International Symposium on Recent Advances in Intrusion Detection.
`September 2010. Ottawa, Canada
`
`23.
`
`[ICSE '10] "Quality of Service Profiling"
`Sasa Misailovic, Stelios Sidiroglou, Hank Hoffman and Martin Rinard
`nd
`In the Proceedings of the 32 International Conference on Software Engineering.
`May 2010, Cape Town, South Africa.
`
`24.
`
`[IJCNS '10] "Shadow Honeypots"
`Michalis Polychronakis, Periklis Akritidis, Stelios Sidiroglou , Kostas G. Anagnostakis, Angelos D. Keromytis, and
`Evangelos Markatos.
`In the International Journal of Computer and Network Security (IJCNS), vol. 2, no. 7, July 2010.
`
`2009
`
`25.
`
`[SOSP '09] "Automatically Patching Errors in Deployed Software"
`Jeff H. Perkins (MIT), Sunghun Kim (HKUST), Sam Larsen (VMware), Saman Amarasinghe (MIT), Jonathan Bachrach
`(MIT), Michael Carbin (MIT), Carlos Pacheco (BCG), Frank Sherwood, Stelios Sidiroglou (MIT), Greg Sullivan (BAE
`AIT), Weng-Fai Wong (NUS), Yoav Zibin (Come2Play), Michael D. Ernst (U. of Washington), Martin Rinard (MIT)
`
`5 of 8
`
`10/7/2015 2:39 AM
`
`Columbia Ex 2032-5
`Symantec v Columbia
`IPR2015-00375
`
`

`
`Stelios Sidiroglou-Douskos Homepage
`
`http://people.csail.mit.edu/stelios/
`
`th
`In the Proceedings of the 22 ACM Symposium on Operating Systems Principles (SOSP)
`October 2009, Big Sky, MT.
`
`26.
`
`[ASPLOS '09] "ASSURE: Automatic Software Self-healing Using REscue points"
`Stelios Sidiroglou, Oren Laadan, Carlos-Rene Perez, Nico Viennot, Angelos D. keromytis and Jason Nieh
`th
`In the Proceedings of the 14 International Conference on Architectural Support for Programming Languages and
`Operating Systems (ASPLOS).
`March 2009, Washington, DC.
`
`27.
`
`"Methods and systems for repairing applications"
`Angelos D. Keromytis, Michael E. Locasto, and Stelios Sidiroglou. U.S. Patent Number 7,490,268. Issued on
`th
`February 10 2009.
`
`2008
`
`28.
`
`"Software Self-Healing Using Error Virtualization"
`Stelios Sidiroglou. PhD Thesis. Columbia University May 2008.
`
`2007
`
`29.
`
`[EC2ND '07] "Defending Against Next Generation Attacks Through Network/Endpoint Collaboration and
`Interaction"
`Spiros Antonatos, Michael E. Locasto, Stelios Sidiroglou, Angelos D. Keromytis, and Evangelos Markatos. In the
`rd
`Proceedings of the 3 European Conference on Computer Network Defense (EC2ND). October 2007, Heraclion,
`Greece. (Invited paper)
`
`30.
`
`[USENIX SEC '07] "Proximity Breeds Danger: Emerging Threats in Metro-area Wireless Networks"
`Periklis Akritidis, W.Y. Chin, V.T. Lam, Stelios Sidiroglou, Kostas Anagnostakis
`in Proc. of USENIX Security 2007, August 2007 (Acceptance rate: 12.3%)
`
`31.
`
`[OAKLAND '07] "Using Rescue Points to Navigate Software Recovery (Short Paper)"
`Stelios Sidiroglou, Oren Laadan, Angelos D. Keromytis, and Jason Nieh. In the Proceedings of the IEEE Symposium
`on Security & Privacy. May 2007, Oakland, CA. (Acceptance rate: 8.3%)
`
`32.
`
`[IEEE SARNOFF '07] "Network Security as a Composable Service"
`Stelios Sidiroglou, Angelos Stavrou, and Angelos D. Keromytis. In the Proceedings of the IEEE Sarnoff Symposium.
`May 2007, Princeton, NJ. (Invited paper)
`
`33.
`
`[HOTDEP '07] "Band-aid Patching (Poster Paper)"
`rd
`Stelios Sidiroglou, Sotiris Ioannidis, and Angelos D. Keromytis. In the Proceedings of the 3 Workshop on Hot
`Topics in System Dependability (HotDep). June 2007, Edinburgh, UK.
`
`2006
`
`34.
`
`[HOTSEC '06] "Privacy as an Operating System Service"
`Stelios Sidiroglou, Sotiris Ioannidis and Angelos D. Keromytis. In the Proceedings of the Workshop on Hot Topics in
`Security (HOTSEC). August 2006, Vancouver, CA.
`
`35.
`
`"Execution Transactions for Defending Against Software Failures: Use and Evaluation"
`Stelios Sidiroglou and Angelos D. Keromytis. In Springer International Journal of Information Security (IJIS), vol. 5,
`no. 2, pp. 77 - 91, April 2006. (Extended version of the ISC 2005 paper.)
`
`6 of 8
`
`10/7/2015 2:39 AM
`
`Columbia Ex 2032-6
`Symantec v Columbia
`IPR2015-00375
`
`

`
`Stelios Sidiroglou-Douskos Homepage
`
`http://people.csail.mit.edu/stelios/
`
`2005
`
`36.
`
`[IEEE Security & Privacy '05] "Countering Network Worms Through Automatic Patch Generation"
`Stelios Sidiroglou and Angelos D. Keromytis. IEEE Security & Privacy, Volume:3 Issue 6, Nov.2005. Pages: 41-49
`An older, extended version is available as Columbia University Computer Science Department Technical Report
`CUCS-029-03, November 2003.
`
`37.
`
`[NDSS '05] "Software Self-Healing Using Collaborative Application Communities"
`Michael E. Locasto, Stelios Sidiroglou, and Angelos D. Keromytis. In the Proceedings of the Internet Society (ISOC)
`Symposium on Network and Distributed Systems Security (SNDSS). February 2005, San Diego, CA. (Acceptance
`Rate: 13.6%)
`
`38.
`
`[ISC '05] "A Dynamic Mechanism for Recovering from Buffer Overflow Attacks"
`th
`Stelios Sidiroglou, Giannis Giovanidis, and Angelos D. Keromytis. In the Proceedings of the 8 Information Security
`Conference (ISC). September 2005, Singapore. An older version of this paper is available as Columbia University
`Computer Science Department Technical Report CUCS-031-04, September 2004. (Acceptance rate: 14%)
`
`39.
`
`[USENIX SEC '05] "Detecting Targeted Attacks Using Shadow Honeypots"
`Kostas G. Anagnostakis, Stelios Sidiroglou, Periklis Akritidis, Konstantinos Xinidis, Evangelos Markatos, and
`th
`Angelos D. Keromytis. In the Proceedings of the 14 USENIX Security Symposium. August 2005, Baltimore, MD.
`(Acceptance rate: 12.3%)
`
`40.
`
`[ISPEC '05] "An Email Worm Vaccine Architecture"
`Stelios Sidiroglou, John Ioannidis, Angelos D. Keromytis, and Salvatore J. Stolfo. In the Proceedings of the 1st
`Information Security Practice and Experience Conference (ISPEC) April 2005, Singapore
`
`41.
`
`[USENIX TECH '05] "Building A Reactive Immune System for Software Services"
`Stelios Sidiroglou, Michael E. Locasto, Stephen W. Boyd, Angelos D. Keromytis. In the Proceedings of the USENIX
`Annual Technical Conference. April 2005, Anaheim,CA
`
`42.
`
`[HOTDEP '05] "Application Communities: Using Monoculture for Dependability"
`st
`Michael E. Locasto, Stelios Sidiroglou, and Angelos D. Keromytis. In the Proceedings of the 1 Workshop on Hot
`Topics in System Dependability (HotDep), held in conjunction with the International Conference on Dependable
`Systems and Networks (DSN). June 2005, Yokohama, Japan.
`
`43.
`
`[NSPW '05] "Speculative Virtual Verification: Policy-Constrained Speculative Execution"
`Michael E. Locasto, Stelios Sidiroglou, and Angelos D. Keromytis. In the Proceedings of the New Security
`Paradigms Workshop (NSPW). September 2005, Lake Arrowhead, CA.
`
`44.
`
`"Composite Hybrid Techniques for Defending against Targeted Attacks"
`Stelios Sidiroglou and Angelos D. Keromytis. In Malware Detection, vol. 27 of Advances in Information Security
`Series, Mihai Christodorescu, Somesh Jha, Douglas Maughan, Dawn Song, and Cliff Wang (editors). Springer,
`October 2006. (By invitation, as part of the ARO/DHS 2005 Workshop on Malware Detection.)
`
`2004
`
`45.
`
`"Hardware Support For Self-Healing Software Services"
`Stelios Sidiroglou, Michael E. Locasto, and Angelos D. Keromytis. In ACM SIGARCH Computer Architecture News,
`vol. 33, no. 1, pp. 42 - 47. March 2005. Also appeared In the Proceedings of the Workshop on Architectural Support
`th
`for Security and Anti-Virus (WASSA), held in conjunction with the 11 International Conference on Architectural
`Support for Programming Languages and Operating Systems (ASPLOS-XI), pp. 37 - 43. October 2004, Boston, MA.
`
`46.
`
`[WASSA '04] "Hardware Support For Self-Healing Software Services"
`Stelios Sidiroglou, Michael E. Locasto, and Angelos D. Keromytis. In the Proceedings of the Workshop on
`
`7 of 8
`
`10/7/2015 2:39 AM
`
`Columbia Ex 2032-7
`Symantec v Columbia
`IPR2015-00375
`
`

`
`Stelios Sidiroglou-Douskos Homepage
`
`http://people.csail.mit.edu/stelios/
`
`th
`Architectural Support for Security and Anti-Virus (WASSA), held in conjunction with the 11 International Conference
`on Architectural Support for Programming Languages and Operating Systems (ASPLOS-XI). October 2004, Boston,
`MA.
`
`2003
`
`47.
`
`[IEEE Communications '03] "Topics in in-how networking -Ubiquitous computing in home networks"
`Stefan Berger, Henning Schulzrinne, Stelios Sidiroglou and Xiaotao Wu. Communications Magazine, IEEE,
`Volume:41 Issue 11, Nov.2003. Pages: 128-135
`
`48.
`
`[WETICE '03] "A Network Worm Vaccine Architecture"
`Stelios Sidiroglou and Angelos D. Keromytis. In Proceedings of the IEEE International Workshops on Enabling
`Technologies: Infrastructure for Collaborative Enterprises (WETICE), Workshop on Enterprise Security. June 2003,
`Linz, Austria.
`
`49.
`
`[NOSSDAV '03] "Ubiquitous Computing Using SIP"
`Stefan Berger, Henning Schulzrinne, Stelios Sidiroglou and Xiaotao Wu. In Proceedings of the ACM International
`Workshop on Network and Operating Systems Support for Digital Audio and Video (NOSSDAV). June 2003,
`Monterey, CA.
`
`© Stelios Sidiroglou-Douskos 2012
`
`8 of 8
`
`10/7/2015 2:39 AM
`
`Columbia Ex 2032-8
`Symantec v Columbia
`IPR2015-00375