Georgios Portokalidis

I am an assistant Professor in the Department of Computer Science at Stevens Institute of Technology. I am also the director for the MS in Cybersecurity program at Stevens. I obtained my PhD from Vrije Universiteit in Amsterdam on February 2010. My research interests are mainly around the area of systems and security, including software security, authentication, privacy, and software resiliency.

I have been working on information-flow tracking for a while now, and I am interested in novel methods and technologies that can improve performance and accuracy. I have been also working on hardening software against attacks based on memory corruption bugs, like code-reuse attacks. This has lead to a series of papers attacking various defenses proposed in academic papers and an interest in developing tools and metrics for evaluating defenses. I am also interested in exploring synergies to improve authentication on the web and the physical world.

I am looking for bright students to work on two federally funded projects on using compilers and modern CPU features for improving software security and on HW-accelerated information-flow tracking. More information below.

CV | Google Scholar Profile | @portokalidis

Recent News

"Location-enhanced Authentication using the IoT" was accepted to the 2016 Annual Computer Security Applications Conference (ACSAC)

"NaClDroid: Native Code Isolation for Android Applications" was accepted to the 2016 ESORICS conference.

"Undermining Entropy-based Information Hiding (And What to do About it)" was accepted to the 2016 USENIX Security Symposium.

I received an award from ONR for developing techniques to harden software using dynamic and static analysis.

Openings

PhD Positions

Interested in pursuing a PhD in the New York area?

I'm looking for good students that wish to pursue a PhD to join my group in the department of Computer Science at Stevens Institute of Technology and work on various aspects of systems and security. Good programming skills in C and intellectual curiosity required! While not required, if you have a publication in any of these security or systems conferences you should email me immediately!

Joining the PhD program does not require an MS degree. All PhD students receive financial support through through externally funded projects, departmental funds, or scholarships.

If you are interested please email me and submit an application.

Opportunities for Stevens students

If you are a Stevens undergraduate or graduate student interested in doing some research, I, occasionally, support non-PhD students with exceptional skills to work on research projects. If you are one of them, please contact me.

Stevens also provides various opportunities for summer research (to undergraduate students only) through the Pinnacle scholars and I&E scholars programs.

Finally, if you are looking to improve yourself and take on challenging problems, you can do research for credit through courses CS-497-S and CS-800-S. Make sure to contact me before you attempt to enroll.

Research Highlights

Publications

Size Does Matter - Why Using Gadget-Chain Length to Prevent Code-reuse Attacks is Hard (pdf)
Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, August 2014 (19.1%)

Out Of Control: Overcoming Control-Flow Integrity (pdf)
Proceedings of the 35th IEEE Symposium on Security and Privacy, San Jose, CA, USA, May 2014 (13.6%)

SAuth: Protecting User Accounts from Password Database Leaks (pdf)
Proceedings of the 20th ACM Conference on Computer and Communications Security, Berlin, Germany, November 2013 (19.8%)

ShadowReplica: Efficient Parallelization of Dynamic Data Flow Tracking (pdf)
Proceedings of the 20th ACM Conference on Computer and Communications Security, Berlin, Germany, November 2013 (19.8%)

kGuard: Lightweight Kernel Protection against Return-to-user Attacks (pdf)
Proceedings of the 21st USENIX Security Symposium, Bellevue, WA, USA, August 2012 (19.4%)

A General Approach for Efficiently Accelerating Software-based Dynamic Data Flow Tracking on Commodity Hardware (pdf)
Proceedings of the 19th Annual Network & Distributed System Security Symposium (NDSS) San Diego, CA, USA, February, 2012 (Acceptance rate: 17.8%)

Argos: an Emulator for Fingerprinting Zero-Day Attacks (pdf)
Proceedings of ACM SIGOPS EUROSYS 2006, Leuven, Belgium, April 2006 (20%)

Grands and Awards

  • PI, "Trails: Efficient Data-Flow Tracking Through HW-assisted Parallelization", DARPA, $462,417 (September 2016 - August 2018)
  • PI, "Adapting Static and Dynamic Program Analysis to Effectively Harden Debloated Software" ONR, $467,543 (March 2016 - February 2019)
  • Best student paper award at the 2015 Annual Computer Security Applications Conference (ACSAC)
  • PI (lead Columbia University), "MINESTRONE: Phase 3 Extension" IARPA, $65,796 (September 2013 - November 2014)
  • PI (lead Columbia University), "MINESTRONE Task: Automatic Discovery of Rescue Points Using Static and Dynamic Analysis", IARPA, $247,641 (September 2012 - November 2014)
  • Best paper award at the 6th International Workshop on Security, Tokyo, Japan (November 2011)