Clemens Kolbitsch



General Information

Currently, I am a PhD student at the International Secure Systems Lab. My main research interests are malware analysis and detection as well as virtual machines. In previous projects I worked on memory protection, race condition detection, and wireless communication and its security.

At the beginning of February 2010, I became lead developer of Anubis. There, I am currently focusing on improving stability, supporting a wider spectrum of malware (such as BHO-based malware, etc.), and avoiding sandbox detection.


Projects

  • Inspector Gadget: Automated Extraction of Proprietary Gadgets from Malware Binaries
    Clemens Kolbitsch, Thorsten Holz, Christopher Kruegel, and Engin Kirda
    IEEE Symposium on Security and Privacy
    Oakland, USA, May 2010.
    Article. Bibtex

  • Identifying Dormant Functionality in Malware Programs
    Paolo Milani Comparetti, Guido Salvaneschi, Clemens Kolbitsch, Christopher Kruegel, Engin Kirda, and Stefano Zanero
    IEEE Symposium on Security and Privacy
    Oakland, USA, May 2010.
    to appear

  • Effective and Efficient Malware Detection at the End Host
    Clemens Kolbitsch, Paolo Milani Comparetti, Christopher Kruegel, Engin Kirda, Xiaoyong Zhou, and Xiaofeng Wang
    Usenix Security Symposium
    Montreal, Canada, August 2009.
    Article. Bibtex

  • Master Thesis
    My thesis dealt with the idea of protecting certain memory regions not only on a per-page but also on a per-word basis. This involved changing the Linux kernel to realize this new idea, enhancing a compiler (the Tiny C Compiler), and implementing the necessary processor instructions in the system emulator QEMU.

    Using this system, we designed new approaches to protect against stack- and heap-based buffer overflows. Further, we implemented a dynamic race condition detector. Evaluation on various large-scale code projects (e.g. Apache) demonstrates the usability of the race condition detection system.

    Extending Mondrian Memory Protection
    Clemens Kolbitsch, Christopher Kruegel, and Engin Kirda
    NATO RTO IST-091 Symposium,
    Antalya, Turkey, April 2010.
    to appear

  • Virtual 802.11 Fuzzing
    Together with Sylvester Keil, I worked on a stateful fuzzer for the 802.11 protocol. For more information, refer to the project website.

    Stateful Fuzzing of Wireless Device Drivers in an Emulated Environment
    Sylvester Keil and Clemens Kolbitsch
    Black Hat Japan
    Tokyo, Japan, October 2007.
    White paper. Bibtex


Teaching


Contact

I can be reached at ck (at) iseclab.org

You can find my public key here.


Last Modified: Sat Mar 6 11:27:02 CET 2010


International Secure Systems Lab www.iseclab.org