1

Kairos: Practical Intrusion Detection and Investigation using Whole-system Provenance
Provenance graphs are structured audit logs that describe the history of a system’s execution. Recent studies have explored a …
Z Cheng, Q Lv, J Liang, Y Wang, D Sun, T Pasquier, X Han
PDF Cite
Kairos: Practical Intrusion Detection and Investigation using Whole-system Provenance
Unleashing Unprivileged eBPF Potential with Dynamic Sandboxing
For safety reasons, unprivileged users today have only limited ways to customize the kernel through the extended Berkeley Packet Filter …
SY Lim, X Han, T Pasquier
PDF Cite DOI
Unleashing Unprivileged eBPF Potential with Dynamic Sandboxing
Secure Namespaced Kernel Audit for Containers
Despite the wide usage of container-based cloud computing, container auditing for security analysis relies mostly on built-in host …
SY Lim, B Stelea, X Han, T Pasquier
PDF Cite
Secure Namespaced Kernel Audit for Containers
SIGL: Securing Software Installations Through Deep Graph Learning
Many users implicitly assume that software can only be exploited after it is installed. However, recent supply-chain attacks …
X Han, X Yu, T Pasquier, D Li, J Rhee, J Mickens, M Seltzer, C Haifeng
PDF Cite
SIGL: Securing Software Installations Through Deep Graph Learning
Accelerating the Configuration Tuning of Big Data Analytics with Similarity-aware Multitask Bayesian Optimization
One of the key challenges for data analytics deployment is configuration tuning. The existing approaches for configuration tuning are …
A Fekry, L Carata, T Pasquier, A Rice
PDF Cite Slides
Accelerating the Configuration Tuning of Big Data Analytics with Similarity-aware Multitask Bayesian Optimization
To Tune or Not to Tune? In Search of Optimal Configurations for Data Analytics
This experimental study presents a number of issues that pose a challenge for practical configuration tuning and its deployment in data …
A Fekry, L Carata, T Pasquier, A Rice, A Hopper
PDF Cite
To Tune or Not to Tune? In Search of Optimal Configurations for Data Analytics
Xanthus: Push-button Orchestration of Host Provenance Data Collection
Host-based anomaly detectors generate alarms by inspecting audit logs for suspicious behavior. Unfortunately, evaluating these anomaly …
X Han, J Mickens, A Gehani, M Seltzer, T Pasquier
PDF Cite
Xanthus: Push-button Orchestration of Host Provenance Data Collection
UNICORN: Runtime Provenance-Based Detector for Advanced Persistent Threats
Advanced Persistent Threats (APTs) are difficult to detect due to their low-and-slow attack patterns and frequent use of zero-day …
X Han, T Pasquier, A Bates, J Mickens, M Seltzer
PDF Cite
UNICORN: Runtime Provenance-Based Detector for Advanced Persistent Threats
Facilitating plausible deniability for cloud providers regarding tenants' activities using trusted execution
A cloud provider that can technically determine tenants’ operations may be compelled to disclose such activities by law …
D O'Keeffe, A Vranaki, T Pasquier, D Eyers
PDF Cite
Demonstrating the Practicality of Unikernels to Build a Serverless Platform at the Edge
The rise of IoT has led to large volumes of personal data being produced at the network’s edge. Most IoT applications process data in …
C Mistry, B Stelea, V Kumar, T Pasquier
PDF Cite Code DOI