Welcome to the Secure Systems and Software Laboratory at the ​University of California, Irvine.

The Secure Software and Systems Laboratory at UC Irvine conducts research that focuses on software techniques for making computers more reliable, and on implementation techniques for increasing software performance. Often, the two are related: increased reliability comes at a performance cost, but then new optimization techniques may be able to reduce this overhead so that the net performance effect of increased reliability is brought back down (sometimes close to zero).

Our work has had significant real-world impact. Our research on just-in-time compilation contributed significantly to the success of the service computing paradigm, leading to browser-based applications such as Gmail that behave not much differently from traditional native applications that a user would purchase and install locally on their computer ahead of first use. Our patented invention of Trace Tree compilation was transitioned into the Firefox web browser in a collaborative project between the lab and Mozilla, and subsequently used by literally hundreds of millions of people every day. Our pioneering contributions to the theory and practice of just-in-time compilation of both static and dynamically typed programming languages has been broadly recognized, most recently by the $100,000 ACM Charles P. "Chuck" Thacker Breakthrough in Computing Award that Prof. Franz received in early 2021.

Our pioneering work on creating "moving target defenses" through automated software diversity has also steadily been gaining mindshare. The Economist published a single-topic article about our research in their May 24th, 2014 print edition. Members of the lab have received several U.S. patents on inventions in this domain; the most recent one was awarded in 2019.

Our work on automated software error discovery has unmasked real vulnerabilities in the device software of widely used flagship mobile phones and enabled the manufacturers to remove these vulnerabilities before they could cause further harm. We thereby helped to prevent software attacks that could have caused potentially great societal harm; for example, there are many documented cases of journalists’ phones being hacked by authoritarian governments using vulnerabilities similar to the ones we found. Similarly, our recent discovery of a vulnerability in widely used microprocessors led to a "bug bounty" cash award; the manufacturer has since released new microcode for the processor that fixes the bug.

We are one of the few academic research groups that has been invited to present at Black Hat USA, the world’s most important professional computer security conference with close to twenty thousand annual attendees, including C-suite level senior leadership of almost every major corporation and government agency in the world. Members of the lab have given presentations on our work at three different editions of the Black Hat conference.

The lab's research philosophy and style has been to build complete systems at full scale, instead of the "proof of concept prototypes" that are more commonly created in academia. The downside of this approach is that it takes very substantial up-front investments of time and effort to build full-scale systems, often requiring several man-years of pure implementation activity before the first experiments (and publications) can be obtained. But the important advantage is that full-scale systems often behave quite differently from simplified "proof of concept ones," so that building full-scale implementations tends to yield far more relevant insights. We believe that the significant successes that we have had in transitioning lab results into widespread actual practice are directly related to the fact that we have been building "real" systems that don't cut corners.

Research

  • DARPA Cyber Fault-tolerant Attack Recovery

  • MultiCompiler

  • TraceCompilation

People

  • Professor Michael Franz
  • Dr. Felicitas Hetzelt
  • Mitchel Dickerson
  • Matt Dees
  • Fabian Parzefall
  • Min-Yih Hsu
  • Chinmay Deshpande
  • Tommaso Monaco
  • André Rösti
  • Yoonha Cha
  • Gunwoo Kim

Alumni

Latest Publications

P. Kirth, M. Dickerson, S. Crane, P. Larsen, A. Dabrowski, D. Gens, Y. Na, S. Volckaert, M. Franz; "PKRU-Safe: Automatically Locking Down the Heap Between Safe and Unsafe Languages;" in European Conference on Computer Systems, EuroSys'22; April 2022. Best Paper Award

K. Pfeffer, A. Mai, A. Dabrowski, M. Gusenbauer, P. Schindler, E. Weippl, M. Franz, K. Krombholz; "On the Usability of Authenticity Checks for Hardware Security Tokens;" in USENIX Security 2021; August 2021.

D. Song, F. Hetzelt, J. Kim, B. Kang, J. Seifert, and M. Franz; "Agamotto: Accelerating Kernel Driver Fuzzing with Lightweight Virtual Machine Checkpoints;" in USENIX Security 2020, Boston, Massachusetts; August 2020.

Z. Kenjar, T. Frassetto, D. Gens, M. Franz, and A. Sadeghi; "V0LTpwn: Attacking x86 Processor Integrity from Software;" to appear in USENIX Security 2020, Boston, Massachusetts; August 2020.

A. Voulimeneas, D. Song, F. Parzefall, Y. Na, P. Larsen, M. Franz, and S. Volckaert; "Distributed Heterogeneous N-Variant Execution;" in International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment; June 2020.

P. Rajasekaran, S. Crane, D. Gens, Y. Na, S. Volckaert, and M. Franz; "CoDaRR : Continuous Data Space Randomization against Data-Only Attacks;" accepted to appear in 15th ACM ASIA Conference on Computer and Communications Security (ACM ASIACCS 2020), Taipei, Taiwan; October 2020. (67 papers accepted out of 308 submissions = 22%)

A. Altinay, J. Nash, T. Kroes, P. Rajasekaran, D. Zhou, A. Dabrowski, D. Gens, Y. Na, S. Volckaert, C. Giuffrida, H. Bos, and M. Franz; "BinRec: Dynamic Binary Lifting and Recompilation — The Best Thing Since Sliced Binaries;" in EuroSys 2020, Heraklion, Greece; April 2020. (43 papers accepted out of 234 submissions = 18%)

T. Park, K. Dhondt, D. Gens, Y. Na, S. Volckaert, and M. Franz; "NoJITsu: Locking Down JavaScript Engines;" in Network and Distributed Systems Security Symposium (NDSS 2020), San Diego, California; February 2020. (88 papers accepted out of 506 submissions = 17%)

B. Belleville, W. Shen, S. Volckaert, A.M. Azab, and M. Franz; "KALD: Detecting Direct Pointer Disclosure Vulnerabilities;" in IEEE Transactions on Dependable and Secure Computing (TDSC); 2019.

D. Song, J. Lettner, P. Rajasekaran, Y. Na, S. Volckaert, P. Larsen, and M. Franz; "SoK: Sanitizing for Security;" in 40th IEEE Symposium on Security and Privacy (IEEE S&P 2019), San Francisco, California; May 2019. (84 papers accepted out of 673 submissions + 10 revised paper from the previous year = 12.5%)

D. Song, F. Hetzelt, D. Das, Ch. Spensky, Y. Na, S. Volckaert, G. Vigna, Ch. Kruegel, J.-P. Seifert, and M. Franz; "PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary;" in 2019 Network and Distributed Systems Security Symposium (NDSS 2019), San Diego, California; February 2019. (89 papers accepted out of 521 submissions = 17%)

T. Kroes, A. Altinay, J. Nash, Y. Na, S. Volckaert, H. Bos, M. Franz, and Ch. Giuffrida; "BinRec: Attack Surface Reduction Through Dynamic Binary Recovery;" in 2018 Workshop on Forming an Ecosystem Around Software Transformation (FEAST '18), Toronto, Canada, pp. 8-13; October 2018.

B. Belleville, H. Moon, J. Shin, D. Hwang, J.M. Nash, S. Jung, Y. Na, S. Volckaert, P. Larsen, Y. Paek, and M. Franz; "Hardware Assisted Randomization of Data;" conditionally accepted for publication in 21st International Symposium on Research in Attacks, Intrusions, and Defenses (RAID 2018), Heraklion, Crete, Greece; September 2018. (33 papers accepted out of 145 submissions = 23%)

J. Lettner, D.K. Song, T. Park, S. Volckaert, P. Larsen, and M. Franz; "PartiSan: Fast and Flexible Sanitization via Run-time Partitioning;" accepted for publication in 21st International Symposium on Research in Attacks, Intrusions, and Defenses (RAID 2018), Heraklion, Crete, Greece; September 2018. (33 papers accepted out of 145 submissions = 23%)

M. Qunaibit, S. Brunthaler, Y. Na, S. Volckaert and M. Franz; "Accelerating Dynamically-Typed Languages on Heterogeneous Platforms Using Guards Optimization;" accepted for publication in 2018 European Conference on Object-Oriented Programming (ECOOP 2018); Amsterdam, Netherlands; July 2018. (26 papers accepted out of 66 submissions = 39%)

T. Park, J. Lettner, Y. Na, S. Volckaert and M. Franz; "Bytecode Corruption Attacks Are Real—And How To Defend Against Them;" accepted for publication in 2018 Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2018), Paris, France; June 2018. (18 papers accepted out of 59 submissions = 30%)

S. Crane, A. Homescu, P. Larsen, H. Okhravi, and M. Franz; "Diversity and Information Leaks;" in P. Larsen and A.-R. Sadeghi (Eds.), The Continuing Arms Race: Code-Reuse Attacks and Defenses, ACM Books, Vol. 18, Morgan & Claypool Publishers, ISBN 978-1-97000-183-9, pp. 61-81; 2018. doi:10.1145/3129743.3129747

P. Biswas, A. Di Federico, S.A. Carr, P. Rajasekaran, S. Volckaert, Y. Na, M. Franz, and M. Payer; "Venerable Variadic Vulnerabilities Vanquished;" in USENIX Security 2017, Vancouver, British Columbia; August 2017. (85 papers accepted out of 522 submissions = 16%)

S. Volckaert, B. Coppens, B. De Sutter, K. De Bosschere, P. Larsen, and M. Franz; "Taming Parallelism in a Multi-Variant Execution Environment;" in EuroSys 2017, Belgrade, Serbia, pp. 270-285; April 2017. doi:10.1145/3064176.3064178 (41 papers accepted out of 182 valid submissions = 22%)

N. Burow, S.C. Carr, J. Nash, P. Larsen, M. Franz, S. Brunthaler, and M. Payer; "Control-Flow Integrity P3: Protection, Precision, and Performance," in ACM Computing Surveys (CSUR), Vol. 50, No. 1, Article No. 16; April 2017. doi:10.1145/3054924

R. Rudd, R. Skowyra, D. Bigelow, V. Dedhia, Th. Hobson, S. Crane, Ch. Liebchen, P. Larsen, L. Davi, M. Franz, A.-R. Sadeghi, and H. Okhravi; "Address Oblivious Code Reuse: On the Effectiveness of Leakage Resilient Diversity;" in 2017 Network and Distributed System Security Symposium (NDSS 2017), San Diego, California; February/March 2017. (68 papers accepted out of 423 submissions = 16%)

S. Volckaert, B. Coppens, A. Voulimeneas, A. Homescu, P. Larsen, B. De Sutter, and M. Franz; "Secure and Efficient Application Monitoring and Replication;" accepted to appear in 2016 USENIX Annual Technical Conference (ATC 2016), Denver, Colorado; June 2016. (47 papers accepted out of 266 submissions = 17.6%)

J. Lettner, B. Kollenda, A. Homescu, P. Larsen, F. Schuster, L. Davi, A.-R. Sadeghi, T. Holz, and M. Franz; "Subversive-C: Abusing and Protecting Dynamic Message Dispatch;" accepted to appear in 2016 USENIX Annual Technical Conference (ATC 2016), Denver, Colorado; June 2016. (47 papers accepted out of 266 submissions = 17.6%)

G. Wagner, P. Larsen, S. Brunthaler, and M. Franz; "Thinking Inside the Box: Compartmentalized Garbage Collection;" in ACM Transactions on Programming Languages and Systems (TOPLAS), Vol. 38, No. 3, Article No. 9; May 2016.

K. Braden, S. Crane, L. Davi, M. Franz, P. Larsen, Ch. Liebchen, and A.-R. Sadeghi; "Leakage-Resilient Layout Randomization for Mobile Devices;" in 2016 Network and Distributed System Security Symposium (NDSS 2016),San Diego, California; February 2016. (60 papers accepted out of 389 submissions = 15.4%)

P. Larsen, S. Brunthaler, L. Davi, A.-R. Sadeghi, and M. Franz; Automated Software Diversity; Morgan & Claypool, San Rafael, California, ISBN 978-1-6270-5734-9 (paperback), ISBN 978-1-6270-5755-4 (ebook); December 2015.

S. Crane, S. Volckaert, F. Schuster, Ch. Liebchen, P. Larsen, L. Davi, A.-R. Sadeghi, T. Holz, B. De Sutter, and M Franz; "It's a TRAP: Table Randomization and Protection against Function Reuse Attacks;" in 22nd ACM Conference on Computer and Communications Security (CCS 2015), Denver, Colorado; October 2015. (128 papers accepted out of 646 submissions = 19.4%)

M. Conti, S. Crane, L. Davi, M. Franz, P. Larsen, Ch. Liebchen, M. Negro, M. Qunaibit, and A.-R. Sadeghi; "Losing Control: On the Effectiveness of Control-Flow Integrity under Stack Attacks;" in 22nd ACM Conference on Computer and Communications Security (CCS 2015), Denver, Colorado; October 2015. (128 papers accepted out of 646 submissions = 19.4%)

G. Savrun-Yeniceri, M. L. Van de Vanter, P. Larsen, S. Brunthaler, and M. Franz; "Efficient and Generic Event-based Profiler Framework for Dynamic Languages;" in 2015 International Conference on Principles and Practices of Programming on the Java platform: Virtual machines, Languages, and Tools (PPPJ'15), Melbourne, Florida; September 2015.

C. Stancu, Ch. Wimmer, S. Brunthaler, P. Larsen, and M. Franz; "Safe and Efficient Hybrid Memory Management for Java;" in International Symposium on Memory Management 2015 (ISMM'15), Portland, Oregon; June 2015.

A. Homescu, T. Jackson, S. Crane, S. Brunthaler, P. Larsen, and M. Franz; "Large-scale Automated Software Diversity–Program Evolution Redux;" accepted to appear in IEEE Transactions on Dependable and Secure Computing (TDSC), 2015.

S. Crane, Ch. Liebchen, A. Homescu, L. Davi, P. Larsen, A.-R. Sadeghi, S. Brunthaler, and M Franz; "Readactor: Practical Code Randomization Resilient to Memory Disclosure;" in 36th IEEE Symposium on Security and Privacy, San Jose, California; May 2015. (55 papers accepted out of 407 submissions = 13.5%)

P. Larsen, A. Homescu, S. Brunthaler, and M. Franz; "Automatic Software Diversity;" in IEEE Security and Privacy, Vol. 13, No. 2, pp. 30-37; March 2015.

S. Crane, A. Homescu, S. Brunthaler, P. Larsen, and M. Franz; "Thwarting Cache Side-Channel Attacks Through Dynamic Software Diversity;" in 2015 Network and Distributed System Security Symposium (NDSS 2015), San Diego, California; February 2015. (51 papers accepted out of 302 submissions = 16.9%)

V. Mohan, P. Larsen, S. Brunthaler, K. Hamlen, and M. Franz;" Opaque Control Flow Integrity" in 2015 Network and Distributed System Security Symposium (NDSS 2015), San Diego, California; February 2015. (51 papers accepted out of 302 submissions = 16.9%)

M. Murphy, P. Larsen, S. Brunthaler, and M. Franz; "Software Profiling Options and Their Effects on Security Based Code Diversification;" in First ACM Workshop on Moving Target Defense (MTD 2014), Scottsdale, Arizona; November 2014.

W. Zhang, P. Larsen, S. Brunthaler, and M. Franz; "Accelerating Iterators in Optimizing AST Interpreters;'' in 2014 ACM International Conference on Object Oriented Programming Systems Languages & Applications (OOPSLA 2014), Portland, Oregon, pp. 727-743; October 2014. (52 papers accepted out of 186 submissions = 28%)

C. Stancu, Ch. Wimmer, S. Brunthaler, P. Larsen, and M. Franz; "Comparing Points-to Static Analysis with Runtime Recorded Profiling Data;" in 2014 International Conference on Principles and Practices of Programming on the Java platform: Virtual machines, Languages, and Tools (PPPJ 2014), Cracow, Poland, pp. 157-168; September 2014.

P. Larsen, A. Homescu, S. Brunthaler, and M. Franz; "SoK: Automated Software Diversity;" in 35th IEEE Symposium on Security and Privacy, San Jose, California, pp. 276-291; May 2014. (44 papers accepted out of 334 submissions = 13%)

P. Larsen, S. Brunthaler, and M. Franz; "Security through Diversity: Are We There Yet?," in IEEE Security and Privacy, Vol. 12, No. 2, pp. 28-35; March 2014.

G. Savrun-Yeniceri, W. Zhang, H. Zhang, E. Seckler, C. Li, S. Brunthaler, P. Larsen, and M. Franz; "Efficient Hosted Interpreters on the JVM;" in ACM Transactions on Architecture and Code Optimization (TACO), Vol. 11, No. 1, Article No. 9; February 2014.

Ch. Kerschbaumer, E. Hennigan, P. Larsen, S. Brunthaler, and M. Franz; "Information Flow Tracking meets Just-In-Time Compilation;" in 9th International Conference on High-Performance and Embedded Architectures and Compilers (HiPEAC 2014), Vienna, Austria, January 2014.

Ch. Kerschbaumer, E. Hennigan, P. Larsen, S. Brunthaler, and M. Franz; "Information Flow Tracking meets Just-In-Time Compilation;" in ACM Transactions on Architecture and Code Optimization (TACO), Vol. 10, No 4, Article No. 38; December 2013.

Ch. Kerschbaumer, E. Hennigan, P. Larsen, S. Brunthaler, and M. Franz; "CrowdFlow: Efficient Information Flow Security;" accepted for publication in 16th Information Security Conference (ISC 2013), Dallas, Texas; November 2013. (70 submissions, 16 accepted = 23% acceptance rate plus 14 short papers)

A. Homescu, P. Larsen, S. Brunthaler, and M. Franz; "librando: Transparent Code Randomization for Just-in-Time Compilers;" in 20th ACM Conference on Computer and Communications Security (CCS 2013), Berlin, Germany; November 2013. (105 papers accepted out of 530 submissions = 19.8%)

G. Savrun-Yeniceri, W. Zhang, H. Zhang, C. Li, P. Larsen, S. Brunthaler, and M. Franz; "Efficient Interpreter Optimizations for the JVM;" in 2013 International Conference on the Principles and Practice of Programming on the Java Platform: Virtual Machines, Languages, and Tools (PPPJ'13), Stuttgart, Germany; September 2013.

S. Crane, P. Larsen, S. Brunthaler, and M. Franz; "Booby Trapping Software;" in 2013 New Security Paradigms Workshop (NSPW 2013), Banff, Canada; September 2013.

E. Hennigan, Ch. Kerschbaumer, P. Larsen, S. Brunthaler, and M. Franz; "First-Class Labels: Using Information Flow to Debug Security Holes;" in M. Huth, N. Asokan, S. Capkun, I. Flechais, and L. Coles-Kemp (Eds.), Trust and Trustworthy Computing, 6th International Conference (TRUST 2013), London, United Kingdom, Springer Lecture Notes in Computer Science, Vol. 7904, ISBN 978-3-642-38907-8, pp. 151–168; June 2013.

Ch. Kerschbaumer, E. Hennigan, P. Larsen, S. Brunthaler, and M. Franz; "Towards Precise and Efficient Information Flow Control in Web Browsers;" in M. Huth, N. Asokan, S. Capkun, I Flechais, and L. Coles-Kemp (Eds.), Trust and Trustworthy Computing, 6th International Conference (TRUST 2013), London, United Kingdom, Springer Lecture Notes in Computer Science, Vol. 7904, ISBN 978-3-642-38907-8, pp. 187–195; June 2013.

T. Jackson, A. Homescu, S. Crane, P. Larsen, S. Brunthaler, and M. Franz; "Diversifying the Software Stack Using Randomized NOP Insertion;" in S. Jajodia, A K Ghosh, V. S. Subrahmanian, V Swarup, C. Wang, X. S. Wang (Eds.),Moving Target Defense II: Application of Game Theory and Adversarial Modeling, Springer Advances in Information Security, Vol. 100, ISBN 978-1-4614-5415-1, pp. 151-174; 2013.

A. Homescu, S. Neisius, P. Larsen, S. Brunthaler, and M. Franz; "Profile-guided Automated Software Diversity,"' in 2013 International Symposium on Code Generation and Optimization (CGO 2013), Shenzhen, China; February 2013. (33 papers accepted out of 117 submissions = 28%)

A. Homescu, M. Stewart, P. Larsen, S. Brunthaler, and M. Franz; "Microgadgets: Size Does Matter In Turing-complete Return-oriented Programming,'" in 6th USENIX Workshop on Offensive Technologies (WOOT '12), Bellevue, Washington; August 2012.

Ch. Wimmer, S. Brunthaler, P. Larsen, and M. Franz; "Fine-Grained Modularity and Reuse of Virtual Machine Components;" in 11th Annual International Conference on Aspect-Oriented Software Development (AOSD '12), Potsdam, Germany, ACM Press, ISBN 978-1-4503-1092-5, pp. 203-214; March 2012.

G. Wagner, A. Gal, and M. Franz; “Slimming a Java Virtual Machine by way of Cold Code Removal and Optimistic Partial Program Loading;” in Science of Computer Programming, Vol. 76, No. 11, pp. 1037-1053; November 2011.

M. Chang, B. Mathiske, E. Smith, A. Chaudhuri, M. Bebenita, A Gal, Ch. Wimmer, and M Franz; "The Impact of Optional Type Information on JIT Compilation Of Dynamically Typed Languages" in 7th Dynamic Languages Symposium (DLS 2011), Portland, Oregon, ACM Press, ISBN 978-1-4503-0939-4, pp. 13-24; October 2011.

T. Jackson, B. Salamat, A. Homescu, K. Manivannan, G. Wagner, A. Gal, S. Brunthaler, Ch. Wimmer, and M. Franz; “Compiler-Generated Software Diversity;” in S. Jajodia, A.K. Ghosh, V. Swarup, C. Wang, and X.S. Wang (Eds.), Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats; Springer, ISBN 978-1-4614-0976-2; September 2011.

G. Wagner, A. Gal, Ch. Wimmer, B. Eich and M. Franz; "Compartmental Memory Management in a Modern Web Browser;" in International Symposium on Memory Management (ISMM 2011), San Jose, California; June 2011.

B. Salamat, T. Jackson, G. Wagner, Ch. Wimmer, and M. Franz: "Run-Time Defense against Code Injection Attacks using Replicated Execution ;" In IEEE Transactions on Dependable and Secure Computing. IEEE Computer Society, 2011.

T. Jackson, B. Salamat, G. Wagner, Ch. Wimmer, and M.Franz; “On the Effectiveness of Multi-Variant Program Execution for Vulnerability Detection and Prevention;” in International Workshop on Security Measurements and Metrics (MetriSec 2010), Bolzano-Bozen, Italy; September 2010.

M. Franz; “E unibus pluram: Massive-Scale Software Diversity as a Defense Mechanism;” in New Security Paradigms Workshop 2010 (NSPW 2010), Concord, Massachusetts; September 2010.

M. Bebenita, M. Chang, K. Manivannan, G. Wagner, M. Cintra, B. Mathiske, A. Gal, C. Wimmer, M. Franz; "Trace Based Compilation in Execution Environments Without Interpreters;" in A. Krall, H. Mössenböck (Eds.), 8th International Conference on the Principles and Practice of Programming in Java 2010 (PPPJ 2010), Vienna, Austria, ACM Press, ISBN 978-1-4503-0269-2, pp. 59–68; September 2010.

K. Manivannan, Ch. Wimmer, and M. Franz; “Decentralized Information Flow Control on a Bare-Metal JVM;” in Sixth Annual Cyber Security and Information Intelligence Research Workshop (CSIIRW’10), Oak Ridge National Laboratory, Oak Ridge, Tennessee; April 2010.

T. Jackson, Ch. Wimmer, and M. Franz; “Multi-Variant Program Execution for Vulnerability Detection and Analysis;” in Sixth Annual Cyber Security and Information Intelligence Research Workshop (CSIIRW’10), Oak Ridge National Laboratory, Oak Ridge, Tennessee; April 2010.

Ch. Wimmer and Michael Franz; "Linear Scan Register Allocation on SSA Form;" in International Symposium on Code Generation and Optimization (CGO), Toronto, Canada, ACM Press, ISBN 978-1-60558-635-9, pp. 170–179; April 2010.

A. Yermolovich, Ch. Wimmer, and M. Franz; "Optimization of Dynamic Languages Using Hierarchical Layering of Virtual Machines;" in Proceedings of the 5th Symposium on Dynamic Languages (DLS 2009), Orlando, Florida, ISBN 978-1-60558-769-1, pp. 79–88; October 2009.

Ch. Wimmer, M. Cintra, M. Bebenita, M. Chang, A. Gal, and M. Franz; "Phase Detection using Trace Compilation;" in The 7th International Conference on the Principles and Practice of Programming in Java 2009 (PPPJ 2009), Calgary, Alberta; August 2009.

Ch. Kerschbaumer, G. Wagner, Ch. Wimmer, A. Gal, Ch. Steger, and M. Franz; "SlimVM: A Small Footprint Java Virtual Machine for Connected Embedded Systems;" in The 7th International Conference on the Principles and Practice of Programming in Java 2009 (PPPJ 2009), Calgary, Alberta; August 2009.

W. Amme, J. von Ronne, Ph. Adler, and M. Franz; "The Effectiveness of Producer-Side Machine-Independent Optimizations for Mobile Code;" in Software—Practice and Experience, Vol. 29, No. 10, pp. 923–946; July 2009.

M. Bebenita, M. Chang, A. Gal, and M. Franz; "Stream-Based Dynamic Compilation for Object-Oriented Languages;" in 47th International Conference on Objects, Models, Components, Patterns (TOOLS-EUROPE 2009), Zurich, Switzerland; June 2009.

A. Gal, B. Eich, M. Shaver, D. Anderson, B. Kaplan. G. Hoare, D. Mandelin, B. Zbarsky, J. Orendorff, J. Ruderman, E. Smith, R. Reitmaier, M. R. Haghighat, M. Bebenita, M. Chang, and M Franz; "Trace-based Just-in-Time Type Specialization for Dynamic Languages;" in Programming Language Design and Implementation (PLDI 2009), Dublin, Ireland; June 2009. (34 papers accepted out of 196 submissions = 17.3%)

B. Salamat, T. Jackson, A. Gal, and M. Franz; "Orchestra: Intrusion Detection Using Parallel Execution and Monitoring of Program Variants in User-Space;" in EuroSys'09, Nürnberg, Germany; April 2009. (25 papers accepted out of 148 submissions = 16.8%)

M. Franz; "Information-Flow Aware Virtual Machines: Foundations For Trustworthy Computing;" in Cybersecurity Applications and Technologies Conference for Homeland Security (CATCH 2009), Washington, D.C.; March 2009.

E. Yardimci and M. Franz; "Mostly-Static Program Partitioning of Binary Executables;" in ACM Transactions on Programming Languages and Systems (TOPLAS).

M. Chang, E. Smith, R. Reitmaier, A. Gal, M. Bebenita, Ch. Wimmer, B. Eich, and M. Franz; "Tracing for Web 3.0: Trace Compilation for the Next Generation Web Applications;" in The 2009 ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments (VEE 2009), Washington, D.C.; March 2009.

L. Wang and M. Franz; "Automatic Partitioning of Object-Oriented Programs for Resource-Constrained Mobile Devices with Multiple Distribution Objectives;" in The 14th IEEE International Conference on Parallel and Distributed Systems (ICPADS'08), Melbourne, Victoria, Australia, December 2008.

G. Wagner, A. Gal, and M. Franz; "SlimVM: Optimistic Partial Program Loading for Connected Embedded Java Virtual Machines;" in The International Conference on the Principles and Practice on Programming in Java 2008 (PPPJ 2008), Modena, Italy; September 2008. Best Paper Award.

A. Yermolovich, A. Gal, and M. Franz; "Portable Execution of Legacy Binaries on the Java Virtual Machine;" in The International Conference on the Principles and Practice on Programming in Java 2008 (PPPJ 2008), Modena, Italy; September 2008.

A. Gal, Ch. W. Probst, and M. Franz; Java Bytecode Verification via Static Single Assignment Form; in ACM Transactions on Programming Languages and Systems (TOPLAS), Vol. 30, No. 4, Article No. 21, pp. 1-21; July 2008.

E. Yardimci and M. Franz; "Dynamic Parallelization of Binary Executables on Hierarchical Platforms;'' in The Journal of Instruction-Level Parallelism, Vol. 10, Paper 6, ISSN 1942-9525, pp. 1-24; June 2008.

Contact

Secure Systems and Software Laboratory
Department of Computer Science
University of California
Irvine, CA 92697-3425
phone: (949) 824-1546
fax: (949) 824-8019