Aarno Labs | Publications

Assured Micropatching of Race Conditions in Legacy Real-time Embedded Systems.
Rik Chatterjee, Ben Karel, Ricardo Baratto, Michael Gordon, and Jeremy Daily. Real-Time Autonomous Systems Security, 2024.

Projects: MRAM

Solutions: CodeHawk

Technical Areas: Static Analysis, Binary Patching, Software Correctness
Multifocal Relational Analysis for Assured Micropatching: Final Report.
Aarno Labs and MIT CSAIL. Aarno Labs Technical Report, 2024.

Projects: MRAM

Solutions: CodeHawk

Technical Areas: Static Analysis, Vulnerability Remediation, Binary Patching, Software Correctness
IDA Pro Plugins for CodeHawk-Binary.
Aarno Labs. Aarno Labs Technical Report, 2023.

Projects: Arya (TA2), MRAM

Solutions: CodeHawk

Technical Areas: Vulnerability Discovery, Static Analysis, Vulnerability Reachability, Software Correctness
BinWrap: Hybrid Protection Against Native Node.js Add-ons.
George Christou, Grigoris Ntousakis, Eric Lahtinen, Sotiris Ioannidis, Vasileios P. Kemerlis, and Nikos Vasilakis. Asia CCS, 2023.

Projects: Aria

Technical Areas: Supply Chain Security, Vulnerability Remediation, Runtime Protection
Practically Correct, Just-in-Time Shell Script Parallelization.
Konstantinos Kallas, Tammam Mustafa, Jan Bielak, Dimitris Karnikis, Thurston H.Y. Dang, Michael Greenberg, and Nikos Vasilakis. OSDI, 2022.

Projects: Aria

Technical Areas: Static Analysis, Dynamic Analysis
Tunable Cyber Defensive Mechanisms: Final Report.
Aarno Labs. Aarno Labs Technical Report, 2022.

Projects: Aikido

Technical Areas: Static Analysis, Dynamic Analysis
Using Proof-of-Work to Mitigate Spoofing-Based Denial of Service Attacks.
Samual DeLaughter (MIT Student / Aarno Labs Intern) and Karen Sollins. CoNEXT-SW, 2021.

Projects: Arya (TA2)

Technical Areas: Vulnerability Remediation
Mir: Automated Quantifiable Privilege Reduction Against Dynamic Library Compromise in JavaScript.
Nikos Vasilakis, Cristian-Alexandru Staicu, Grigoris Ntousakis, Konstantinos Kallas, Ben Karel, André DeHon, and Michael Pradel. arXiv, 2021.

Projects: Aria

Solutions: Lucien

Technical Areas: Supply Chain Security, Vulnerability Remediation, Dynamic Analysis, Runtime Protection
Preventing Dynamic Library Compromise on Node.js via RWX-Based Privilege Reduction.
Nikos Vasilakis, Cristian-Alexandru Staicu, Grigoris Ntousaki, Konstantinos Kallas, Ben Karel, André DeHon, and Michael Pradel. CCS, 2021.

Projects: Aria

Solutions: Lucien

Technical Areas: Static Analysis, Dynamic Analysis, Runtime Protection, Supply Chain Security, Vulnerability Remediation
SARAN: A System for Android Application Interposition.
Aarno Labs. Aarno Labs Technical Report, 2021.

Projects: Saran

Technical Areas: Static Analysis, Dynamic Analysis, Runtime Protection, Supply Chain Security, Vulnerability Discovery, Vulnerability Remediation
A Unified Algebraic Framework Of Program Analyses.
Martin Rinard (MIT), Henny Sipma (Aarno Labs), Thomas Bourgeat (MIT). LangSec, 2021.

Projects: MRAM

Technical Areas: Static Analysis, Binary Patching
Precise and Comprehensive Provenance Tracking for Android Devices.
Michael I. Gordon, Jordan Eikenberry, Anthony Eden, Jeff Perkins, and Martin Rinard. MIT Technical Report Report, 2019.

Projects: ClearScope

Technical Areas: Supply Chain Security, Vulnerability Discovery, Dynamic Analysis, Runtime Protection
Arya Chain Backbone Proofs: Formalizing the Proof of Burn Consensus Mechanism.
Aarno Labs. Aarno Labs Technical Report, 2019.

Projects: Arya (TA3)

Technical Areas: Software Correctness
Automatic Exploitation of Fully Randomized Executables.
Austin Gadient, Baltazar Ortiz, Ricardo Baratto, Eli Davis, Jeff Perkins, and Martin Rinard. MIT Technical Report, 2019.

Projects: Arya (TA2)

Technical Areas: Vulnerability Discovery, Static Analysis, Dynamic Analysis
DroidSafe: Final Report.
Aarno Labs. Aarno Labs Technical Report, 2019.

Projects: DroidSafe

Technical Areas: Vulnerability Discovery, Static Analysis, Software Correctness
Concord - Verifying Memory Safety.
Aarno Labs. Aarno Labs Technical Report, 2019.

Projects: Dark Corners

Technical Areas: Vulnerability Discovery, Static Analysis, Software Correctness
Sansa: Final Report.
Aarno Labs. Aarno Labs Technical Report, 2017.

Projects: Sansa

Technical Areas: Static Analysis, Supply Chain Security, Vulnerability Discovery, Vulnerability Remediation, Vulnerability Reachability
Covert Communication in Mobile Applications.
Julia Rubin, Michael I. Gordon, Nguyen Nguyen, and Martin Rinard. ASE, 2015.

Projects: DroidSafe

Technical Areas: Static Analysis
Information Flow Analysis of Android Applications in DroidSafe.
Michael I. Gordon, Deokhwan Kim, Jeff Perkins, Limei Gilham, Nguyen Nguyen, and Martin Rinard. NDSS, 2015.

Projects: DroidSafe

Technical Areas: Static Analysis

Publications

Assured Micropatching of Race Conditions in Legacy Real-time Embedded Systems.

Multifocal Relational Analysis for Assured Micropatching: Final Report.

IDA Pro Plugins for CodeHawk-Binary.

BinWrap: Hybrid Protection Against Native Node.js Add-ons.

Practically Correct, Just-in-Time Shell Script Parallelization.

Tunable Cyber Defensive Mechanisms: Final Report.

Using Proof-of-Work to Mitigate Spoofing-Based Denial of Service Attacks.

Mir: Automated Quantifiable Privilege Reduction Against Dynamic Library Compromise in JavaScript.

Preventing Dynamic Library Compromise on Node.js via RWX-Based Privilege Reduction.

SARAN: A System for Android Application Interposition.

A Unified Algebraic Framework Of Program Analyses.

Precise and Comprehensive Provenance Tracking for Android Devices.

Arya Chain Backbone Proofs: Formalizing the Proof of Burn Consensus Mechanism.

Automatic Exploitation of Fully Randomized Executables.

DroidSafe: Final Report.

Concord - Verifying Memory Safety.

Sansa: Final Report.

Covert Communication in Mobile Applications.

Information Flow Analysis of Android Applications in DroidSafe.