Daniel Andriesse

I’m a researcher at Intel, where my research areas include CPU glitching and taint tracking. I’m also studying Mathematics (at Vrije Universiteit Amsterdam) and Physics (at University of Amsterdam).

Before joining Intel, I was a postdoctoral researcher in the System and Network Security Group at Vrije Universiteit Amsterdam. I obtained my Ph.D. in Computer Science (cum laude) at Vrije Universiteit Amsterdam in June 2017 for my thesis entitled “Analyzing and Securing Binaries Through Static Disassembly,” winning the Roger Needham Ph.D. Award at EuroSys 2018, and the ACM SIGSAC Doctoral Dissertation Award at CCS 2018.

I was one of the main reverse engineers in the takedown of the GameOver Zeus peer-to-peer botnet (Operation Tovar), and I'm the author of Practical Binary Analysis. You can see my CV here.


Practical Binary Analysis

Available in English, Polish, Korean, Japanese, and Chinese. See the book website for more information.

Cover of Practical Binary Analysis.
Cover of Polish translation
Cover of Korean translation
Cover of Chinese translation
Cover of Japanese translation

Publications

Peer-Reviewed Papers

2020

  • M. Kurth, B. Gras, D. Andriesse, C. Giuffrida, H. Bos, and K. Razavi, “NetCAT: Practical Cache Attacks from the Network,” in Proceedings of the 41st IEEE Symposium on Security and Privacy (S&P'20), (San Francisco, CA, USA), May 2020. PDF BibTeX
    @inproceedings{netcat_sp2020, author = {Kurth, Michael and Gras, Ben and Andriesse, Dennis and Giuffrida, Cristiano and Bos, Herbert and Razavi, Kaveh}, title = {{NetCAT}: {Practical} {Cache} {Attacks} from the {Network}}, booktitle = {{Proceedings of the 41st IEEE Symposium on Security and Privacy (S\&P'20)}}, publisher = {{IEEE}}, address = {{San Francisco, CA, USA}}, month = {May}, year = {2020} }

2019

  • A. Pawlowski, V. van der Veen, D. Andriesse, E. van der Kouwe, T. Holz, C. Giuffrida, and H. Bos, “VPS: Excavating High-Level C++ Constructs from Low-Level Binaries to Protect Dynamic Dispatching,” in Proceedings of the 35th Annual Computer Security Applications Conference (ACSAC'19), (San Juan, PR, USA), December 2019. PDF BibTeX
    @inproceedings{acsac2019, author = {A. Pawlowski and V. van der Veen and D. Andriesse and E. van der Kouwe and T. Holz and C. Giuffrida and H. Bos}, title = {{VPS: Excavating High-Level C++ Constructs from Low-Level Binaries to Protect Dynamic Dispatching}}, booktitle = {{Proceedings of the 2019 Annual Computer Security Applications Conference (ACSAC'19)}}, month = {December}, year = {2019} }
  • E. van der Kouwe, G. Heiser, D. Andriesse, H. Bos, and C. Giuffrida, “SoK: Benchmarking Flaws in Systems Security,” in Proceedings of the 4th IEEE European Symposium on Security and Privacy (EuroS&P'19), (Stockholm, Sweden), June 2019. PDF BibTeX
    @inproceedings{benchcrimes-eurosp-2019, author = {Erik van der Kouwe and Gernot Heiser and Dennis Andriesse and Herbert Bos and Cristiano Giuffrida}, title = {{SoK: Benchmarking Flaws in Systems Security}}, booktitle = {{Proceedings of the 4th IEEE European Symposium on Security and Privacy (EuroS\&P'19)}}, publisher = {{IEEE}}, address = {{Stockholm, Sweden}}, month = {June}, year = {2019} }

2018

  • F. de Goër, S. Rawat, D. Andriesse, H. Bos, and R. Groz, “Now You See Me: Real-time Dynamic Function Call Detection,” in Proceedings of the 2018 Annual Computer Security Applications Conference (ACSAC'18), (San Juan, Puerto Rico, USA), December 2018. PDF BibTeX Source
    @inproceedings{acsac2018, author = {Franck de Go\"er and Sanjay Rawat and Dennis Andriesse and Herbert Bos and Roland Groz}, title = {{Now You See Me: Real-time Dynamic Function Call Detection}}, booktitle = {{Proceedings of the 2018 Annual Computer Security Applications Conference (ACSAC'18)}}, month = {December}, year = {2018} }
  • R. K. Konoth, M. Oliverio, A. Tatar, D. Andriesse, H. Bos, C. Giuffrida, and K. Razavi, “ZebRAM: Comprehensive and Compatible Software Protection Against Rowhammer Attacks,” in Proceedings of the 13th USENIX Symposium on Operating Systems Design and Implementation (OSDI'18), (Carlsbad, CA, USA), October 2018. PDF BibTeX
    @inproceedings{osdi2018, author = {Radhesh Krishnan Konoth and Marco Oliverio and Andrei Tatar and Dennis Andriesse and Herbert Bos and Cristiano Giuffrida and Kaveh Razavi}, title = {{ZebRAM: Comprehensive and Compatible Software Protection Against Rowhammer Attacks}}, booktitle = {{Proceedings of the 13th USENIX Symposium on Operating Systems Design and Implementation (OSDI'18)}}, publisher = {{USENIX}}, address = {{Carlsbad, CA, USA}}, month = {October}, year = {2018} }

2017

  • V. van der Veen, D. Andriesse, M. Stamatogiannakis, X. Chen, H. Bos, and C. Giuffrida, “The Dynamics of Innocent Flesh on the Bone: Code Reuse Ten Years Later,” in Proceedings of the 24th Conference on Computer and Communications Security (CCS'17), (Dallas, TX, USA), October 2017. PDF BibTeX
    @inproceedings{ccs2017, author = {Victor van der Veen and Dennis Andriesse and Manolis Stamatogiannakis and Xi Chen and Herbert Bos and Cristiano Giuffrida}, title = {{The Dynamics of Innocent Flesh on the Bone: Code Reuse Ten Years Later}}, booktitle = {{Proceedings of the 24th Conference on Computer and Communications Security (CCS'17)}}, publisher = {{ACM}}, address = {{Dallas, TX, USA}}, month = {October}, year = {2017} }
  • D. Andriesse, A. Slowinska, and H. Bos, “Compiler-Agnostic Function Detection in Binaries,” in Proceedings of the 2nd IEEE European Symposium on Security and Privacy (EuroS&P'17), (Paris, France), April 2017. (Best Paper Award) PDF BibTeX Source Slides
    @inproceedings{andriesse-eurosp-2017, author = {Dennis Andriesse and Asia Slowinska and Herbert Bos}, title = {{Compiler-Agnostic Function Detection in Binaries}}, booktitle = {{Proceedings of the 2nd IEEE European Symposium on Security and Privacy (EuroS\&P'17)}}, publisher = {{IEEE}}, address = {{Paris, France}}, month = {April}, year = {2017} }

2016

2015

  • D. Andriesse, V. van der Veen (joint first author), E. Göktaş, B. Gras, L. Sambuc, A. Slowinska, H. Bos, and C. Giuffrida, “Practical Context-Sensitive CFI,” in Proceedings of the 22nd Conference on Computer and Communications Security (CCS'15), (Denver, CO, USA), ACM, October 2015. PDF BibTeX Source Slides
    @inproceedings{andriesse-ccs-2015, author = {Dennis Andriesse and Victor {van der Veen} and Enes G{\"o}kta{\c s} and Ben Gras and Lionel Sambuc and Asia Slowinska and Herbert Bos and Cristiano Giuffrida}, title = {{Practical Context-Sensitive CFI}}, booktitle = {{Proceedings of the 22nd Conference on Computer and Communications Security (CCS'15)}}, publisher = {{ACM}}, address = {{Denver, CO, USA}}, month = {October}, year = {2015} }
  • D. Andriesse, C. Rossow, and H. Bos, “Reliable Recon in Adversarial Peer-to-Peer Botnets,” in Proceedings of the 15th Internet Measurement Conference (IMC'15), (Tokyo, Japan), ACM, October 2015. PDF BibTeX Addendum Slides
    @inproceedings{andriesse-imc-2015, author = {Dennis Andriesse and Christian Rossow and Herbert Bos}, title = {{Reliable Recon in Adversarial Peer-to-Peer Botnets}}, booktitle = {{Proceedings of the 15th Internet Measurement Conference (IMC'15)}}, publisher = {ACM}, address = {Tokyo, Japan}, month = {October}, year = {2015} }
  • D. Andriesse, H. Bos, and A. Slowinska, “Parallax: Implicit Code Integrity Verification Using Return-Oriented Programming,” in Proceedings of the 45th Conference on Dependable Systems and Networks (DSN'15), (Rio de Janeiro, Brazil), IEEE Computer Society, June 2015. PDF BibTeX Slides
    @inproceedings{andriesse-dsn-2015, author = {Dennis Andriesse and Herbert Bos and Asia Slowinska}, title = {{Parallax: Implicit Code Integrity Verification Using Return-Oriented Programming}}, booktitle = {{Proceedings of the 45th Conference on Dependable Systems and Networks (DSN'15)}}, publisher = {{IEEE Computer Society}}, address = {{Rio de Janeiro, Brazil}}, month = {June}, year = {2015}, }
  • X. Chen, A. Slowinska, D. Andriesse, H. Bos, and C. Giuffrida, “StackArmor: Comprehensive Protection from Stack-Based Memory Error Vulnerabilities for Binaries,” in Proceedings of the Network and Distributed System Security Symposium (NDSS’15), (San Diego, CA, USA), Internet Society, February 2015. PDF BibTeX
    @inproceedings{chen-ndss-2015, author = {Xi Chen and Asia Slowinska and Dennis Andriesse and Herbert Bos and Cristiano Giuffrida}, title = {{StackArmor: Comprehensive Protection from Stack-Based Memory Error Vulnerabilities for Binaries}}, booktitle = {{Proceedings of the Network and Distributed System Security Symposium (NDSS'15)}}, publisher = {{Internet Society}}, address = {{San Diego, CA, USA}}, month = {February}, year = {2015}, }

2014

  • D. Andriesse and H. Bos, “Instruction-Level Steganography for Covert Trigger-Based Malware (Extended Abstract),” in Proceedings of the 11th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA’14), (London, United Kingdom), Springer-Verlag, July 2014. PDF BibTeX Slides
    @inproceedings{andriesse-dimva-2014, author = {Dennis Andriesse and Herbert Bos}, title = {{Instruction-Level Steganography for Covert Trigger-Based Malware}}, booktitle = {{Proceedings of the 11th Conference on Detection of Intrusions and Malware \& Vulnerability Assessment (DIMVA'14)}}, publisher = {{Springer-Verlag}}, address = {{London, United Kingdom}}, month = {July}, year = {2014}, }

2013

  • D. Andriesse, C. Rossow, B. Stone-Gross, D. Plohmann, and H. Bos, “Highly Resilient Peer-to-Peer Botnets Are Here: An Analysis of Gameover Zeus,” in Proceedings of the 8th IEEE International Conference on Malicious and Unwanted Software (MALWARE’13), (Fajardo, Puerto Rico, USA), IEEE Computer Society, October 2013. PDF BibTeX
    @inproceedings{andriesse-malware-2013, author = {Dennis Andriesse and Christian Rossow and Brett {Stone-Gross} and Daniel Plohmann and Herbert Bos}, title = {{Highly Resilient Peer-to-Peer Botnets Are Here: An Analysis of Gameover Zeus}}, booktitle = {{Proceedings of the 8th IEEE International Conference on Malicious and Unwanted Software (MALWARE'13)}}, publisher = {{IEEE Computer Society}}, address = {{Fajardo, Puerto Rico, USA}}, month = {October}, year = {2013}, }
    Since the publication of our MALWARE’13 paper, P2P Zeus has seen several updates. Most notably, some recent variants use the DGA as the main C2 channel instead of the P2P proxy layer. For a technical reference, it is therefore best to refer to our periodically updated technical report.
  • C. Rossow, D. Andriesse, T. Werner, B. Stone-Gross, D. Plohmann, C. Dietrich, and H. Bos, “P2PWNED: Modeling and Evaluating the Resilience of Peer-to-Peer Botnets,” in Proceedings of the 34th IEEE Symposium on Security and Privacy (S&P’13), (San Francisco, CA, USA), IEEE Computer Society, May 2013. PDF BibTeX
    @inproceedings{rossow-oakland-2013, author = {Christian Rossow and Dennis Andriesse and Tillmann Werner and Brett {Stone-Gross} and Daniel Plohmann and Christian Dietrich and Herbert Bos}, title = {{P2PWNED: Modeling and Evaluating the Resilience of Peer-to-Peer Botnets}}, booktitle = {{Proceedings of the 34th IEEE Symposium on Security and Privacy (Oakland'13)}}, publisher = {{IEEE Computer Society}}, address = {{San Francisco, CA, USA}}, month = {May}, year = {2013}, }

Preprints

Technical Reports

  • D. Andriesse, C. Rossow and H. Bos, “Distributed Crawler Detection in Peer-to-Peer Botnets,” Technical Report IR-CS-77, VU University Amsterdam, October 2015. PDF BibTeX
    @techreport{andriesse-crawlers-2015, author = {Dennis Andriesse and Christian Rossow and Herbert Bos}, title = {{Distributed Crawler Detection in Peer-to-Peer Botnets}}, institution = {{VU University Amsterdam}}, number = {{IR-CS-77}}, year = {2015}, month = {October}, }
  • D. Andriesse and H. Bos, “An Analysis of the Zeus Peer-to-Peer Protocol,” Technical Report IR-CS-74, VU University Amsterdam, May 2013 (last revised April 2014). PDF BibTeX
    @techreport{andriesse-zeus-2013, author = {Dennis Andriesse and Herbert Bos}, title = {{An Analysis of the Zeus Peer-to-Peer Protocol}}, institution = {{VU University Amsterdam}}, number = {{IR-CS-74}}, year = {2013}, month = {May}, }

Theses

*Note that much of my research was published as Dennis Andriesse.

Reviewing

RAID’24
PC member

WOOT’23
PC member

ACM TOPLAS
Reviewer (May’21)

BAR’20
PC member

IEEE Security&Privacy Magazine
Reviewer (Oct’19)

EuroS&P’19
PC member

CCS’18
PC member

WOOT’18
PC member

ACM Computing Surveys (CSUR)
Reviewer (July’18)

ICDCS’18
PC member (short track)

IEEE Security&Privacy Magazine
Reviewer (Aug’17)

Journal of Computer Security
Reviewer (May’17)

ASPLOS’17
External reviewer

MALCON’16
External reviewer