Conference Proceedings

Igor: Crash Deduplication Through root-Cause Clustering2021
Zhiyuan Jiang, Xiyue Jiang, Ahmad Hazimeh, Chaojing Tang, Chao Zhang, and Mathias Payer.
In CCS'21: ACM Conference on Computer and Communication Security, 2021 (source, DOI)

Principal Kernel Analysis: A Tractable Methodology to Simulate Scaled GPU Workloads (to appear)
Cesar Avalos Baddouh, Mahmoud Khairy, Roland N. Green, Mathias Payer, and Timothy G. Rogers.
In MICRO'21: International Symposium on Microarchitecture, 2021

uSCOPE: A Methodology for Analyzing Least-PrivilegeCompartmentalization in Large Software Artifacts
Nick Roessler, Lucas Atayde, Imani Palmer, Derrick McKee, Jai Pandey, Vasileios P. Kemerlis, Mathias Payer, Adam Bates, Andre DeHon, Jonathan M. Smith, and Nathan Dautenhahn.
In RAID'21: Recent Advances in Intrusion Detection, 2021

Seed Selection for Successful Fuzzing
Adrian Herrera, Hendra Gunadi, Shane Magrath, Michael Norrish, Mathias Payer, and Tony Hosking.
In ISSTA'21: ACM SIGSOFT International Symposium on Software Testing and Analysis, 2021 (DOI)

Gramatron: Effective Grammar-aware Fuzzing
Prashast Srivastava, and Mathias Payer.
In ISSTA'21: ACM SIGSOFT International Symposium on Software Testing and Analysis, 2021 (source, DOI)

Rebooting Virtual Memory with Midgard
Siddharth Gupta, Atri Bhattacharyya, Yunho Oh, Abhishek Bhattacharjee, Babak Falsafi, and Mathias Payer.
In ISCA'21: International Symposium on Computer Architecture, 2021

Code Specialization through Dynamic Feature Observation
Priyam Biswas, Nathan Burow, and Mathias Payer.
In CODASPY'21: ACM Conference on Data and Application Security and Privacy, 2021 (source, DOI)

Too Quiet in the Library: An Empirical Study of Security Updates in Android Apps' Native Code
Sumaya Almanee, Arda Unal, Mathias Payer, and Joshua Garcia.
In ICSE'21: International Conference on Software Engineering, 2021 (video, source, DOI)

LIGHTBLUE: Automatic Profile-Aware Debloating of Bluetooth
Jianliang Wu, Ruoyu Wu, Daniele Antonioli, Mathias Payer, Nils Ole Tippenhauer, Dongyan Xu, Dave (Jing) Tian, and Antonio Bianchi.
In SEC'21: Usenix Security Symposium, 2021 (source)

Enclosure: language-based restriction of untrusted libraries
Adrien Ghosn, Marios Kogias, Mathias Payer, James R. Larus, and Edouard Bugnion.
In ASPLOS'21: International Conference on Architectural Support for Programming Languages and Operating Systems, 2021 (DOI)

MAGMA: A Ground-Truth Fuzzing Benchmark
Ahmad Hazimeh, Adrian Herrera, and Mathias Payer.
In SIGMETRICS'21: ACM SIGMETRICS, 2021 (source, DOI)

Evading Voltage-Based Intrusion Detection on Automotive CAN
Rohit Bhatia, Vireshwar Kumar, Khaled Serag, Z. Berkay Celik, Mathias Payer, and Dongyan Xu.
In NDSS'21: Network and Distributed System Security Symposium, 2021 (DOI)

SpecROP: Speculative Exploitation of ROP Chains2020
Atri Bhattacharyya, Andres Sanchez Marin, Esmaeil Mohammmadian Koruyeh, Nael Abu-Ghazaleh, Chengyu Song, and Mathias Payer.
In RAID'20: Recent Advances in Intrusion Detection, 2020 (presentation)

BlueShield: Detecting Spoofing Attacks in Bluetooth Low Energy Networks
Jianliang Wu, Yuhong Nan, Vireshwar Kumar, Mathias Payer, and Dongyan Xu.
In RAID'20: Recent Advances in Intrusion Detection, 2020 (presentation)

USBFuzz: A Framework for Fuzzing USB Drivers by Device Emulation
Hui Peng, and Mathias Payer.
In SEC'20: Usenix Security Symposium, 2020 (source)

FuZZan: Efficient Sanitizer Metadata Design for Fuzzing
Yuseok Jeon, WookHyun Han, Nathan Burow, and Mathias Payer.
In ATC'20: Usenix Annual Technical Conference, 2020 (source)

uRAI: Securing Embedded Systems with Return Address Integrity
Naif Saleh Almakhdhub, Abraham A. Clements, Saurabh Bagchi, and Mathias Payer.
In NDSS'20: Network and Distributed System Security Symposium, 2020 (presentation, uRAI source, DOI)

HALucinator: Firmware Re-hosting Through Abstraction Layer Emulation
Abraham A. Clements, Eric Gustafson, Tobias Scharnowski, David Fritz, Christopher Kruegel, Giovanni Vigna, Saurabh Bagchi, and Mathias Payer.
In SEC'20: Usenix Security Symposium, 2020 (HALucinator source, HALfuzz source)

FuzzGen: Automatic Fuzzer Generation
Kyriakos Ispoglou, Daniel Austin, Vishwath Mohan, and Mathias Payer.
In SEC'20: Usenix Security Symposium, 2020 (source)

RetroWrite: Statically Instrumenting COTS Binaries for Fuzzing and Sanitization
Sushant Dinesh, Nathan Burow, Dongyan Xu, and Mathias Payer.
In Oakland'20: IEEE International Symposium on Security and Privacy, 2020 (source, DOI)

SMoTherSpectre: exploiting speculative execution through port contention2019
Atri Bhattacharyya, Alexandra Sandulescu, Matthias Neugschwandtner, Alessandro Sorniotti, Babak Falsafi, Mathias Payer, and Anil Kurmus.
In CCS'19: ACM Conference on Computer and Communication Security, 2019 (blog post, arXiv, source, DOI)

Butterfly Attack: Adversarial Manipulation of Temporal Properties of Cyber-Physical Systems
Rouhollah Mahfouzi, Amir Aminifar, Soheil Samii, Mathias Payer, Petru Eles, and Zebo Peng.
In RTSS'19: Real-Time Systems Symposium, 2019 (DOI)

Pythia: Remote Oracles for the Masses
Shin-Yeh Tsai, Mathias Payer, and Yiying Zhang.
In SEC'19: Usenix Security Symposium, 2019 (source)

BenchIoT: A Security Benchmark for the Internet of Things
Naif Saleh Almakhdhub, Abraham A. Clements, Mathias Payer, and Saurabh Bagchi.
In DSN'19: IEEE/IFIP International Conference on Dependable Systems and Networks, 2019 (presentation, source, DOI)

SoK: Shining Light on Shadow Stacks
Nathan Burow, Xingping Zhang, and Mathias Payer.
In Oakland'19: IEEE International Symposium on Security and Privacy, 2019 (presentation, source, DOI)

PoLPer: Process-Aware Restriction of Over-Privileged Setuid Calls in Legacy Applications
Yuseok Jeon, Junghwan Rhee, Chung Hwan Kim, Zhichun Li, Mathias Payer, Byoungyoung Lee, and Zhenyu Wu.
In CODASPY'19: ACM Conference on Data and Application Security and Privacy, 2019 (presentation, DOI)

Milkomeda: Safeguarding the Mobile GPU Interface Using WebGL Security Checks2018
Zhihao Yao, Saeed Mirzamohammadi, Ardalan Amiri Sani, and Mathias Payer.
In CCS'18: ACM Conference on Computer and Communication Security, 2018 (blog post, source, DOI)

Block Oriented Programming: Automating Data-Only Attacks
Kyriakos Ispoglou, Bader AlBassam, Trent Jaeger, and Mathias Payer.
In CCS'18: ACM Conference on Computer and Communication Security, 2018 (blog post, arXiv, source, DOI)

ACES: Automatic Compartments for Embedded Systems
Abraham A. Clements, Naif Saleh Almakhdhub, Saurabh Bagchi, and Mathias Payer.
In SEC'18: Usenix Security Symposium, 2018 (source)

T-Fuzz: fuzzing by program transformation
Hui Peng, Yan Shoshitaishvili, and Mathias Payer.
In Oakland'18: IEEE International Symposium on Security and Privacy, 2018 (presentation, source, DOI)

CUP: Comprehensive User-Space Protection for C/C++
Nathan Burow, Derrick McKee, Scott A. Carr, and Mathias Payer.
In AsiaCCS'18: ACM Symp. on InformAtion, Computer and Communications Security, 2018 (presentation, source, DOI)

CFIXX: Object Type Integrity for C++ Virtual Dispatch
Nathan Burow, Derrick McKee, Scott A. Carr, and Mathias Payer.
In NDSS'18: Network and Distributed System Security Symposium, 2018 (source, DOI)

HexType: Efficient Detection of Type Confusion Errors for C++2017
Yuseok Jeon, Priyam Biswas, Scott A. Carr, Byoungyoung Lee, and Mathias Payer.
In CCS'17: ACM Conference on Computer and Communication Security, 2017 (source, DOI)

Venerable Variadic Vulnerabilities Vanquished
Priyam Biswas, Alessandro Di Federico, Scott A. Carr, Prabhu Rajasekaran, Stijn Volckaert, Yeoul Na, Michael Franz, and Mathias Payer.
In SEC'17: Usenix Security Symposium, 2017 (presentation, source)

Protecting Bare-metal Embedded Systems with Privilege Overlays
Abraham A. Clements, Naif Saleh Almakhdhub, Khaled Saab, Prashast Srivastava, Jinkyu Koo, Saurabh Bagchi, and Mathias Payer.
In Oakland'17: IEEE International Symposium on Security and Privacy, 2017 (source, video, DOI)

One Process to Reap Them All: Garbage Collection As A Service
Ahmed Hussein, Mathias Payer, Antony L. Hosking, and Christopher A. Vick.
In VEE'17: ACM International Conference on Virtual Execution Environments, 2017 (DOI)

DataShield: Configurable Data Confidentiality and Integrity
Scott A. Carr, and Mathias Payer.
In AsiaCCS'17: ACM Symp. on InformAtion, Computer and Communications Security, 2017 (source, DOI)

Memory Safety for Embedded Devices with nesCheck
Daniele Midi, Mathias Payer, and Elisa Bertino.
In AsiaCCS'17: ACM Symp. on InformAtion, Computer and Communications Security, 2017 (presentation, source, DOI)

REV.NG: A Unified Binary Analysis Framework for CFG and Function Boundaries Recovery
Alessandro Di Federico, Mathias Payer, and Giovanni Agosta.
In CC'17: International Conference on Compiler Construction, 2017 (source, DOI)

An Evil Copy: How the Loader Betrays You
Xinyang Ge, Mathias Payer, and Trent Jaeger.
In NDSS'17: Network and Distributed System Security Symposium, 2017 (DOI)

Enforcing Least Privilege Memory Views for Multithreaded Applications2016
Terry Ching-Hsiang Hsu, Kevin Hoffman, Patrick Eugster, and Mathias Payer.
In CCS'16: ACM Conference on Computer and Communication Security, 2016 (source, DOI)

TypeSanitizer: Practical Type Confusion Detection
Istvan Haller, Yuseok Jeon, Hui Peng, Mathias Payer, Herbert Bos, Cristiano Giuffrida, and Erik van der Kouwe.
In CCS'16: ACM Conference on Computer and Communication Security, 2016 (source, DOI)

Forgery-Resistant Touch-based Authentication on Mobile Devices
Neil Zhenqiang Gong, Mathias Payer, Reza Moazzezi, and Mario Frank.
In AsiaCCS'16: ACM Symp. on InformAtion, Computer and Communications Security, 2016 (presentation, DOI)

HexPADS: a platform to detect "stealth" attacks
Mathias Payer.
In ESSoS'16: Int'l. Symp. on Eng. Secure Software and Systems, 2016 (presentation, artifact evaluation award, source, DOI)

VTrust: Regaining Trust on Your Virtual Calls
Chao Zhang, Scott A. Carr, Tongxin Li, Yu Ding, Chengyu Song, Mathias Payer, and Dawn Song.
In NDSS'16: Network and Distributed System Security Symposium, 2016 (DOI)

Fine-Grained Control-Flow Integrity for Kernel Software
Xinyang Ge, Nirupama Talele, Mathias Payer, and Trent Jaeger.
In EuroSP'16: IEEE European Symposium on Security and Privacy, 2016 (DOI)

Control-Flow Bending: On the Effectiveness of Control-Flow Integrity2015
Nicholas Carlini, Antonio Barresi, Mathias Payer, David Wagner, and Thomas R. Gross.
In SEC'15: Usenix Security Symposium, 2015 (source)

Fine-Grained Control-Flow Integrity through Binary Hardening
Mathias Payer, Antonio Barresi, and Thomas R. Gross.
In DIMVA'15: Conference on Detection of Intrusions and Malware and Vulnerability Assessment, 2015 (presentation, DOI)

Don't Race the Memory Bus: Taming the GC Leadfoot
Ahmed Hussein, Antony L. Hosking, Mathias Payer, and Christopher A. Vick.
In ISMM'15: ACM SIGPLAN International Symposium on Memory Management, 2015 (DOI)

Impact of GC Design on Power and Performance for Android
Ahmed Hussein, Mathias Payer, Antony L. Hosking, and Christopher A. Vick.
In SYSTOR'15: ACM International Systems and Storage Conference, 2015 (DOI)

On Cybersecurity of Freeway Control Systems: Analysis of Coordinated Ramp Metering Attacks2014
Jack Reilly, Sebastien Martin, Mathias Payer, and Alexandre Bayen.
In TRB'14: Transportation Research Board, 2014

Code-Pointer Integrity
Volodymyr Kuznetsov, Laszlo Szekeres, Mathias Payer, George Candea, Dawn Song, and R. Sekar.
In OSDI'14: Usenix Symposium on Operating Systems Design and Implementation, 2014 (source)

The Matter of Heartbleed
Zakir Durumeric, James Kasten, Frank Li, Nicolas Weaver, Vern Paxson, Michael Bailey, J. Alex Halderman, Jethro Beekman, Johanna Amann, Mathias Payer, and David Adrian.
In IMC'14: ACM Internet Measurement Conference, 2014 (best paper award, DOI)

JIGSAW: Protecting Resource Access by Inferring Programmer Intentions
Hayawardh Vijayakumar, Xinyang Ge, Mathias Payer, and Trent Jaeger.
In SEC'14: Usenix Security Symposium, 2014

HI-CFG: Construction by Binary Analysis, and Application to Attack Polymorphism2013
Dan Caselden, Alex Bazhanyuk, Mathias Payer, Stephen McCamant, and Dawn Song.
In ESORICS'13: European Symposium on Research in Computer Security, 2013 (presentation, source, DOI)

Hot-Patching a Web Server: a Case Study of ASAP Code Repair
Mathias Payer, and Thomas R. Gross.
In PST'13: IEEE Conference on Privacy, Security, and Trust, 2013 (presentation, best paper award, DOI)

Lightweight Memory Tracing
Mathias Payer, Enrico Kravina, and Thomas R. Gross.
In ATC'13: Usenix Annual Technical Conference, 2013 (presentation, source)

SoK: Eternal war in memory
Laszlo Szekeres, Mathias Payer, Tao Wei, and Dawn Song.
In Oakland'13: IEEE International Symposium on Security and Privacy, 2013 (DOI)

Protecting Applications Against TOCTTOU Races by User-Space Caching of File Metadata2012
Mathias Payer, and Thomas R. Gross.
In VEE'12: ACM International Conference on Virtual Execution Environments, 2012 (presentation, source, DOI)

Safe Loading - A Foundation for Secure Execution of Untrusted Programs
Mathias Payer, Tobias Hartmann, and Thomas R. Gross.
In Oakland'12: IEEE International Symposium on Security and Privacy, 2012 (presentation, source, DOI)

Fine-grained user-space security through virtualization2011
Mathias Payer, and Thomas R. Gross.
In VEE'11: ACM International Conference on Virtual Execution Environments, 2011 (presentation, source, DOI)

Performance evaluation of adaptivity in software transactional memory
Mathias Payer, and Thomas R. Gross.
In ISPASS'11: International Symposium on Performance Analysis of Systems and Software, 2011 (presentation, source, DOI)

Generating low-overhead dynamic binary translators2010
Mathias Payer, and Thomas R. Gross.
In SYSTOR'10: ACM International Systems and Storage Conference, 2010 (presentation, source, DOI)

Online optimization driven by hardware performance monitoring2007
Florian T. Schneider, Mathias Payer, and Thomas R. Gross.
In PLDI'07: ACM International Conference on Programming Language Design and Implementation, 2007 (DOI)

Journal and Magazine Publications

Early evidence of effectiveness of digital contact tracing for SARS-CoV-2 in Switzerland2020
Marcel Salathe, Christian Althaus, Nanina Anderegg, Daniele Antonioli, Talai Ballouz, Edouard Bugnion, Srdjan Capkun, Dennis Jackson, Sang-Il Kim, James Larus, Nicola Low, Wouter Lueks, Dominik Menges, Cederic Moullet, Mathias Payer, Julien Riou, Theresa Stadler, Carmela Troncoso, Effyj Vayena, and Viktor von Wyl.
In SMW'20: Swiss Medical Weekly, 2020 (DOI)

Decentralized Privacy-Preserving Proximity Tracing
Carmela Troncoso, Mathias Payer, Jean-Pierre Hubaux, Marcel Salathe, James R. Larus, Wouter Lueks, Theresa Stadler, Apostolos Pyrgelis, Daniele Antonioli, Ludovic Barman, Sylvain Chatel, Kenneth G. Paterson, Srdjan Capkun, David A. Basin, Jan Beutel, Dennis Jackson, Marc Roeschlin, Patrick Leu, Bart Preneel, Nigel P. Smart, Aysajan Abidin, Seda Guerses, Michael Veale, Cas Cremers, Michael Backes, Nils Ole Tippenhauer, Reuben Binns, Ciro Cattuto, Alain Barrat, Dario Fiore, Manuel Barbosa, Rui Oliveira, and Jose Pereira.
In DEB'20: IEEE Data Engineering Bulletin, 2020 (DP3T GitHub)

The Fuzzing Hype-Train: How Random Testing Triggers Thousands of Crashes2019
Mathias Payer.
In SP'19: IEEE Security and Privacy Magazine, 2019 (DOI)

Control-Flow Integrity: Precision, Security, and Performance2017
Nathan Burow, Scott A. Carr, Joseph Nash, Per Larsen, Michael Franz, Stefan Brunthaler, and Mathias Payer.
In CSUR'17: ACM Computing Surveys, 2017 (arXiv, DOI)

Automatic Contract Insertion with CCBot2016
Scott A. Carr, Francesco Logozzo, and Mathias Payer.
In TSE'16: IEEE Transactions on Software Engineering, 2016 (source, DOI)

Creating Complex Congestion Patterns via Multi-objective Optimal Freeway Traffic Control with Application to Cyber-Security
Jack Reilly, Sebastien Martin, Mathias Payer, and Alexandre M. Bayen.
In TRB'16: Transportation Research Board, 2016 (DOI)

What You Submit is Who You Are: A Multi-Modal Approach for Deanonymizing Scientific Publications2014
Mathias Payer, Ling Huang, Neil Zhenqiang Gong, Kevin Borgolte, and Mario Frank.
In TIFS'14: IEEE Transactions on Information Forensics and Security, 2014 (DOI)

Eternal War in Memory
Laszlo Szekeres, Mathias Payer, Tao Wei, and R. Sekar.
In SP'14: IEEE Security and Privacy Magazine, 2014 (DOI)

Workshop Proceedings

BLESA: Spoofing Attacks against Reconnections in Bluetooth Low Energy2020
Jianliang Wu, Yuhong Nan, Vireshwar Kumar, Dave (Jing) Tian, Antonio Bianchi, Mathias Payer, and Dongyan Xu.
In WOOT'20: Usenix Workshop on Offensive Technologies, 2020 (best paper award)

FirmFuzz: Automated IoT Firmware Introspection and Analysis2019
Prashast Srivastava, Hui Peng, Jiahao Li, Hamed Okhravi, Howard Shrobe, and Mathias Payer.
In IOTSP'19: Workshop on the Internet of Things Security and Privacy, 2019 (presentation, source, DOI)

Employing Attack Graphs for Intrusion Detection
Frank Capobianco, Rahul George, Kaiming Huang, Trent Jaeger, Mathias Payer, Srikanth Krishnamurthy, Zhiyun Qian, and Paul Yu.
In NSPW'19: New Security Paradigms Workshop, 2019

libdetox: A Framework for Online Program Transformation2016
Mathias Payer.
In FEAST'16: Forming an Ecosystem Around Software Transformation, 2016

PSHAPE: Automatically Combining Gadgets for Arbitrary Method Execution
Andreas Follner, Alexandre Bartel, Hui Peng, Yu-Chen Chang, Kyriakos Ispoglou, Mathias Payer, and Eric Bodden.
In STM'16: International Workshop on Security and Trust Management, 2016 (source, DOI)

malWASH: Washing malware to evade dynamic analysis
Kyriakos Ispoglou, and Mathias Payer.
In WOOT'16: Usenix Workshop on Offensive Technologies, 2016

CAIN: Silently Breaking ASLR in the Cloud2015
Antonio Barresi, Kaveh Razavi, Mathias Payer, and Thomas R. Gross.
In WOOT'15: Usenix Workshop on Offensive Technologies, 2015 (advisory, blog post)

The Correctness-Security Gap in Compiler Optimization
Vijay D'Silva, Mathias Payer, and Dawn Song.
In LangSec'15: Language-theoretic Security IEEE Security and Privacy Workshop, 2015 (presentation, best paper award, DOI)

DynSec: On-the-fly Code Rewriting and Repair2013
Mathias Payer, Boris Bluntschli, and Thomas R. Gross.
In HotSWUp'13: Usenix Workshop on Hot Topics in Software Upgrades, 2013 (presentation)

String Oriented Programming: When ASLR is Not Enough
Mathias Payer, and Thomas R. Gross.
In PPREW'13: Program Protection and Reverse Engineering Workshop, 2013 (presentation, DOI)

LLDSAL: A Low-Level Domain-Specific Aspect Language for Dynamic Code-Generation and Program Modification2012
Mathias Payer, Boris Bluntschli, and Thomas R. Gross.
In DSAL'12: AOSD workshop on Domain-Specific Aspect Languages, 2012 (presentation, DOI)

Requirements for Fast Binary Translation2009
Mathias Payer, and Thomas R. Gross.
In AMAS-BT'09: Workshop on Architectural and Microarchitectural Support for Binary Translation, 2009 (presentation, source)

Books and Chapters

Software Security: Principles, Policies, and Protection (SS3P)2018
Mathias Payer.
In SS3P'18: Open Textbook, 2018 (book)

How Memory Safety Violations Enable Exploitation of Programs
Mathias Payer.
In ArmsRace'18: The Continuing Arms Race, 2018 (DOI)

Code-pointer Integrity
Volodymyr Kuznetzov, Laszlo Szekeres, Mathias Payer, George Candea, R. Sekar, and Dawn Song.
In ArmsRace'18: The Continuing Arms Race, 2018 (DOI)

Technical Reports and Hacker Conferences

DP3T - Decentralized Privacy-Preserving Proximity Tracing2020
Carmela Troncoso, Mathias Payer, Jean-Pierre Hubaux, Marcel Salathe, James R. Larus, Edouard Bugnion, Wouter Lueks, Theresa Stadler, Apostolos Pyrgelis, Daniele Antonioli, Ludovic Barman, Sylvain Chatel, Srdjan Capkun, Kenneth G. Paterson, David A. Basin, Jan Beutel, Dennis Jackson, Bart Preneel, Nigel Smart, Dave Singelee, Aysajan Abidin, Seda Guerses, Michael Veale, Cas Cremers, Michael Backes, Reuben Binns, Ciro Cattuto, Alain Barrat, Giuseppe Persiano, Dario Fiore, Manuel Barbosa, and Dan Boneh.
In TR'20: Technical Report, 2020 (DP3T GitHub)

From the Bluetooth Standard to Standard Compliant 0-days
Daniele Antonioli, and Mathias Payer.
In HardwearIO'20: Hardwear.IO Hardware Security Conference and Training, 2020

SMoTherSpectre: Exploiting speculative execution through port contention
Atri Bhattacharyya, and Mathias Payer.
In InsomniHack'20: InsomniHack Conference, 2020

No source, no problem! High speed binary fuzzing2019
Matteo Rizzo, and Mathias Payer.
In CCC'19: Chaos Communication Congress, 2019 (presentation, talk, source)

Type Confusion: Discovery, Abuse, Protection2018
Mathias Payer.
In SyScan360'18: Symposium on Security for Asia Network + 360, 2018 (presentation, source)

Type confusion: discovery, abuse, and protection2017
Mathias Payer.
In CCC'17: Chaos Communication Congress, 2017 (talk)

Protecting bare-metal smart devices with EPOXY
Mathias Payer.
In BalCCon'17: Balkan Computer Congress, 2017

Protecting bare-metal smart devices with EPOXY
Mathias Payer.
In SyScan360'17: Symposium on Security for Asia Network + 360, 2017 (presentation, source)

Control-Flow Hijacking: Are We Making Progress?
Mathias Payer.
In AsiaCCS'17: ACM Symp. on InformAtion, Computer and Communications Security, 2017 (presentation)

Memory Corruption: Why We Can't Have Nice Things2016
Mathias Payer.
In BalCCon'16: Balkan Computer Congress, 2016 (presentation, source)

New memory corruption attacks: why can't we have nice things?2015
Mathias Payer.
In CCC'15: Chaos Communication Congress, 2015 (presentation, source, talk)

Silently Breaking ASLR in the Cloud
Antonio Barresi, Kaveh Razavi, Mathias Payer, and Thomas R. Gross.
In BHEU'15: BlackHat Europe, 2015 (presentation)

Code-Pointer Integrity2014
Mathias Payer.
In CCC'14: Chaos Communication Congress, 2014 (presentation, talk)

Similarity-based matching meets Malware Diversity
Mathias Payer, Stephen Crane, Per Larsen, Stefan Brunthaler, Richard Wartell, and Michael Franz.
In arXiv'14: arXiv Technical Report, 2014 (arXiv Technical Report 2014)

Lockdown: Dynamic Control-Flow Integrity
Mathias Payer, Antonio Barresi, and Thomas R. Gross.
In TR'14: Technical Report, 2014 (DOI)

Embracing the New Threat: Towards Automatically Self-Diversifying Malware
Mathias Payer.
In SyScan360'14: Symposium on Security for Asia Network + 360, 2014 (presentation, source, first blog post, second blog post)

WarGames in Memory2013
Mathias Payer.
In CCC'13: Chaos Communication Congress, 2013 (presentation, talk)

Triggering Deep Vulnerabilities Using Symbolic Execution
Mathias Payer.
In CCC'13: Chaos Communication Congress, 2013 (presentation, talk, blog post)

Transformation-Aware Symbolic Execution for System Test Generation
Stephen McCamant, Mathias Payer, Dan Caselden, Alex Bazhanyuk, and Dawn Song.
In TR'13: Technical Report, 2013

Transformation-aware Exploit Generation using a HI-CFG
Dan Caselden, Alex Bazhanyuk, Mathias Payer, Stephen McCamant, and Dawn Song.
In TR'13: Technical Report, 2013

Too much PIE is bad for performance2012
Mathias Payer.
In TR'12: Technical Report, 2012

String Oriented Programming - Circumventing ASLR, DEP, and Other Guards2011
Mathias Payer.
In CCC'11: Chaos Communication Congress, 2011 (presentation, talk)

I Control Your Code - Attack Vectors Through the Exes of Software-based Fault Isolation2010
Mathias Payer.
In CCC'10: Chaos Communication Congress, 2010 (presentation, talk)

adaptSTM - An Online Fine-Grained Adaptive STM System
Mathias Payer, and Thomas R. Gross.
In TR'10: Technical Report, 2010 (source)

secuBT: Hacking the Hackers with User-Space Virtualization2009
Mathias Payer.
In CCC'09: Chaos Communication Congress, 2009 (presentation, source)