S3@Eurecom.fr

Publications

This page contains my personal publications (including the papers published with previous affiliations).
Please check group's publication page for the list of publications from our group.

2021

SoK: Enabling Security Analyses of Embedded Systems via Rehosting
Andrew Fasano, Tiemoko Ballo, Marius Muench, Tim Leek, Alexander Olienik, Brendan Dolan Gavitt, Manuel Egele, Aurélien Francillon, Long Lu, Nick Gregory, Davide Balzatotti, William Robertson
Proceedings of the ACM Symposium on Information, Computer and Communications Security (ASIACCS) , Hong Kong, China (acceptance rate: 19.3%)
SymQEMU: Compilation-based symbolic execution for binaries
Poeplau, Sebastian, Francillon, Aurélien
Network and Distributed System Security Symposium
Understanding and detecting international revenue share fraud
Merve Sahin, Aurélien Francillon
Network and Distributed System Security (NDSS) Symposium , San Diego (USA)

2020

Symbolic execution with SymCC: Don't interpret, compile!
Sebastian Poeplau, Aurélien Francillon
29th USENIX Security Symposium (USENIX Security 20) , Boston, MA (acceptance rate: 16.1%)
Distinguished Paper Award Winner
Understanding Screaming Channels: From a Detailed Analysis to Improved Attacks
Giovanni Camurati, Aurélien Francillon, François-Xavier Standaert
IACR Transactions on Cryptographic Hardware and Embedded Systems (CHES 2020)
Google Bughunter Hall of Fame Honorable Mention
HardSnap: Leveraging hardware snapshotting for embedded systems security testing
Nassim Corteggiani, Aur\'elien Francillon
50th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2020) , Valencia, SPAIN (acceptance rate: 16.5%)
SoC Security Evaluation: Reflections on Methodology and Tooling
Nassim Corteggiani, Giovanni Camurati, Marius Muench, Sebastian Poeplau, Aurelien Francillon
IEEE Design & Test

2019

Systematic Comparison of Symbolic Execution Systems: Intermediate Representation and its Generation
Sebastian Poeplau, Aurélien Francillon
Proceedings of the 35th Annual Computer Security Applications Conference (ACSAC) 2019 , San Juan, Puerto Rico (acceptance rate: 22.6%)
Toward the Analysis of Embedded Firmware through Automated Re-hosting
Eric Gustafson, Marius Muench, Chad Spensky, Nilo Redini, Aravind Machiry, Yanick Fratantonio, Davide Balzarotti, Aurelien Francillon, Yung Ryn Choe, Christopher Kruegel, Giovanni Vigna
Symposium on Research in Attacks, Intrusion, and Defenses (RAID) , Beijing (acceptance rate: 22.3%)
Finding software bugs in embedded devices
Francillon, Aurélien, Thomas, Sam L., Costin, Andrei
Security of Ubiquitous Computing Systems (Book Chapter) (to appear)

2018

Screaming Channels: When Electromagnetic Side Channels Meet Radio Transceivers
Giovanni Camurati, Sebastian Poeplau, Marius Muench, Tom Hayes, Aurélien Francillon
Proceedings of the 25th ACM conference on Computer and communications security (CCS) , Toronto, Canada (acceptance rate: 16.6%)
Third place at the CSAW Europe applied research competition 2018
Backdoors: Definition, Deniability and Detection
Sam L. Thomas, Aurélien Francillon
Symposium on Research in Attacks, Intrusion, and Defenses (RAID) , Heraklion (acceptance rate: 22.8%)
Smashing the Stack Protector for Fun and Profit
Bruno Bierbaumer, Julian Kirsch, Thomas Kittel, Aurélien Francillon, Apostolis Zarras
33nd International Conference on ICT Systems Security and Privacy Protection (IFIP SEC 2018) , Poznan, Poland
Inception: System-wide Security Testing of Real-World Embedded Systems Software
Nassim Corteggiani, Giovanni Camurati, Aurélien Francillon
27th USENIX Security Symposium (USENIX Security 18) , Baltimore, MD (acceptance rate: 19.1%)
On the Effectiveness of the National Do-Not-Call Registries
Merve Sahin, Aurélien Francillon
Workshop on Technology and Consumer Protection (Peer reviewed workshop co-located with S\&P, without formal proceedings)
What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices
Marius Muench, Jan Stijohann, Frank Kargl, Aurelien Francillon, Davide Balzarotti
Network and Distributed System Security (NDSS) Symposium , San Diego (USA)
Avatar²: A Multi-target Orchestration Platform
Marius Muench, Dario Nisi, Aurelien Francillon, Davide Balzarotti
Workshop on Binary Analysis Research (colocated with NDSS Symposium) , San Diego (USA)

2017

Using chatbots against voice spam: Analyzing Lenny’s effectiveness
Merve Sahin, Marc Relieu, Aurélien Francillon
Proceedings of the Thirteenth Symposium on Usable Privacy and Security (SOUPS 2017) , Santa Clara, USA (acceptance rate: 26.5%)
Towards Automated Classification of Firmware Images and Identification of Embedded Devices
Costin, Andrei, Zarras, Apostolis, Francillon, Aurélien
32nd International Conference on ICT Systems Security and Privacy Protection (IFIP SEC 2017) , Rome, Italy (acceptance rate: 19.4%)
SoK: Fraud in Telephony Networks
Merve Sahin, Aurélien Francillon, Payas Gupta, Mustaque Ahamad
Proceedings of the 2nd IEEE European Symposium on Security and Privacy (EuroS\&P'17) , Paris, France (acceptance rate: 19.6%)

2016

Over-The-Top Bypass: Study of a Recent Telephony Fraud
Merve Sahin, Aurélien Francillon
Proceedings of the 23rd ACM conference on Computer and communications security (CCS) , Vienna, Austria (acceptance rate: 16.4%)
Automated Dynamic Firmware Analysis at Scale: A Case Study on Embedded Web Interfaces
Costin, Andrei, Zarras, Apostolis, Francillon, Aurélien
11th ACM Asia Conference on Computer and Communications Security (AsiaCCS) , Xidian, China (acceptance rate: 20.9%)
Trust, But Verify: Why and how to establish trust in embedded devices (invited paper)
Aurélien Francillon
Proceedings of Design, Automation and Test in Europe (DATE), Dresden, Germany
SMASHUP: a toolchain for unified verification of hardware/software co-designs
Lugou, Florian, Apvrille, Ludovic, Francillon, Aurelien
Journal of Cryptographic Engineering

2015

PIE: Parser Identification in Embedded Systems
Lucian Cojocar, Jonas Zaddach, Roel Verdult, Herbert Bos, Aurelien Francillon, Davide Balzarotti
Annual Computer Security Applications Conference (ACSAC) (acceptance rate: 24.4%)
Automated Dynamic Firmware Analysis at Scale: A Case Study on Embedded Web Interfaces
Andrei Costin, Apostolis Zarras, Aurelien Francillon
ArXiv e-prints
Reverse Engineering Intel Last-Level Cache Complex Addressing Using Performance Counters
Clémentine Maurice, Le Scouarnec, Nicolas, Christoph Neumann, Olivier Heen, Aurélien Francillon
Proceedings of the 18th International Symposium on Research in Attacks, Intrusions and Defenses (RAID'15)
Toward a methodology for unified verication of hardware/software co-designs
Florian Lugou, Ludovic Apvrille, Aurélien Francillon
PROOFS 2015, Security Proofs for Embedded Systems, 17 September 2015, Saint-Malo, France, Springer , Saint-Malo, FRANCE
C5: Cross-Cores Cache Covert Channel
Clémentine Maurice, Christoph Neumann, Olivier Heen, Aurélien Francillon
Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA) , Milan, Italy (acceptance rate: 22.7%)
Best Paper Award

2014

Through the Looking-Glass, and What Eve Found There
Luca Bruno, Mariano Graziano, Davide Balzarotti, Aurélien Francillon
8th USENIX Workshop on Offensive Technologies (WOOT 14) (acceptance rate: 48.6%)
A Large Scale Analysis of the Security of Embedded Firmwares
Andrei Costin, Jonas Zaddach, Aurélien Francillon, Davide Balzarotti
Proceedings of the 23rd USENIX Security Symposium (USENIX Security) (acceptance rate: 19.0%)
Short Paper: WifiLeaks: Underestimated Privacy Implications of the ACCESS\_WIFI\_STATE Android Permission
Jagdish Prasad Achara, Mathieu Cunche, Vincent Roca, Aurélien Francillon
Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (ACM WiSec) (acceptance rate: 26.0%)
Short Paper: A Dangerous 'Pyrotechnic Composition': Fireworks, Embedded Wireless and Insecurity-by-Design
Andrei Costin, Aurélien Francillon
Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (ACM WiSec) (acceptance rate: 26.0%)
Optical Delusions: A Study of Malicious QR Codes in the Wild
Amin Kharraz, Engin Kirda, William Robertson, Davide Balzarotti, Aurelien Francillon
Proceedings of the IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) , Atlanta, GA USA (acceptance rate: 21.8%)
On the Feasibility of Software Attacks on Commodity Virtual Machine Monitors via Direct Device Assignment
Gabor Pek, Andrea Lanzi, Abhinav Srivastava, Davide Balzarotti, Aurélien Francillon, Christoph Neumann
Proceedings of the ACM Symposium on Information, Computer and Communications Security (ASIACCS) , Kyoto, Japan (acceptance rate: 20.0%)
Microcomputations As Micropayments in Web-based Services
Ghassan O. Karame, Aurélien Francillon, Victor Budilivschi, Srdjan Capkun, Vedran Capkun
ACM Trans. Internet Technol. (ACM TOIT) , New York, NY, USA
Confidentiality Issues on a GPU in a Virtualized Environment
Clémentine Maurice, Christoph Neumann, Olivier Heen, Aurélien Francillon
Proceedings of the Eighteenth International Conference on Financial Cryptography and Data Security (FC'14) , Barbados (acceptance rate: 22.5%)
A Minimalist Approach to Remote Attestation
Aurelien Francillon, Quan Nguyen, Kasper B. Rasmussen, Gene Tsudik
Proceedings of Design, Automation and Test in Europe (DATE), Dresden, Germany
Avatar: A Framework to Support Dynamic Security Analysis of Embedded Systems' Firmwares
Jonas Zaddach, Luca Bruno, Aurelien Francillon, Davide Balzarotti
Network and Distributed System Security (NDSS) Symposium , San Diego (USA) (acceptance rate: 18.6%)
Inside the SCAM Jungle: A Closer Look at 419 Scam Email Operations
Jelena Isacenkova, Olivier Thonnard, Andrei Costin, Aurelien Francillon, Davide Balzarotti
EURASIP Journal on Information Security

2013

Implementation and Implications of a Stealth Hard-Drive Backdoor
Jonas Zaddach, Anil Kurmus, Davide Balzarotti, Erik Olivier Blass, Aurelien Francillon, Travis Goodspeed, Moitrayee Gupta, Ioannis Koltsidas
Proceedings of the 29th Annual Computer Security Applications Conference (ACSAC) , New Orleans (acceptance rate: 19.0%)
Best Student Paper Award
The Role of Phone Numbers in Understanding Cyber-Crime Schemes
Andrei Costin, Jelena Isachenkova, Marco Balduzzi, Aurelien Francillon, Davide Balzarotti
Annual Conference on Privacy, Security, and Trust (PST) , Terragona, Spain (acceptance rate: 29.0%)
Improving 802.11 Fingerprinting of Similar Devices by Cooperative Fingerprinting
Clémentine Maurice, Stephane Onno, Christoph Neumann, Olivier Heen, Aurelien Francillon
Proceedings of the 2013 International Conference on Security and Cryptography (SECRYPT'13) , Reykjavik, Iceland
The Role of Web Hosting Providers in Detecting Compromised Websites
Davide Canali, Davide Balzarotti, Aurelien Francillon
22th International World Wide Web Conference (WWW) , Rio de Janeiro, Brazil (acceptance rate: 15.0%)
Best Paper Nominee
Inside the SCAM Jungle: A Closer Look at 419 Scam Email Operations
Jelena Isacenkova, Olivier Thonnard, Andrei Costin, Davide Balzarotti, Aurelien Francillon
Proceedings of the International Workshop on Cyber Crime (co-located with S\&P) , San Francisco, CA

2012

Analysis of the communication between colluding applications on modern smartphones
Claudio Marforio, Hubert Ritzdorf, Aurélien Francillon, Srdjan Capkun
Proceedings of the 28th Annual Computer Security Applications Conference (ACSAC) , Orlando (acceptance rate: 19.0%)
Enabling trusted scheduling in embedded systems
Ramya Jayaram Masti, Claudio Marforio, Aanjhan Ranganathan, Aurélien Francillon, Srdjan Capkun
Proceedings of the 28th Annual Computer Security Applications Conference (ACSAC) , Orlando (acceptance rate: 19.0%)
How can we determine if a device is infected or not?
Francillon, Aurélien, Jakobsson, Markus, Perrig, Adrian
Ghost in the Air (Traffic): On insecurity of ADS-B protocol and practical attacks on ADS-B devices
Andrei Costin, Aurélien Francillon
Black Hat USA
Physical-Layer Attacks on Chirp-based Ranging Systems
Ranganathan, Aanjhan, Danev, Boris, Francillon, Aurélien, Capkun, Srdjan
Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec)
SMART: Secure and Minimal Architecture for (Establishing a Dynamic) Root of Trust
Karim El Defrawy, Aurelien Francillon, Daniele Perito, Gene Tsudik
Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego

2011

EphPub: Toward Robust Ephemeral Publishing
Castelluccia, Claude, De Cristofaro, Emiliano, Francillon, Aurélien, Kaafar, Mohamed Ali
Proceedings of the IEEE International Conference on Network Protocols (ICNP)
Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars
Aurélien Francillon, Boris Danev, Srdjan Capkun
Proceedings of the Network and Distributed System Security Symposium, NDSS 2011, San Diego, California, USA
Pay as you browse: microcomputations as micropayments in web-based services
Karame, Ghassan O., Francillon, Aurélien, Capkun, Srdjan
Proceedings of the 20th international conference on World wide web , Hyderabad, India

2009

Defending Embedded Systems Against Control Flow Attacks
Aurelien Francillon, Daniele Perito, Claude Castelluccia
SECUCODE'09, 1st ACM workshop on secure code execution
On the Difficulty of Software-Based Attestation of Embedded Devices
Castelluccia, Claude, Francillon, Aurélien, Perito, Daniele, Soriente, Claudio
CCS '09: Proceedings of the 16th ACM Conference on Computer and Communications Security , New York, NY, USA
Half-Blind Attacks: Mask ROM Bootloaders are Dangerous
Goodspeed, Travis, Francillon, Aurélien
WOOT '09, 3rd USENIX Workshop on Offensive Technologies

2008

Code injection attacks on Harvard-architecture devices
Francillon, Aurélien, Castelluccia, Claude
CCS '08: Proceedings of the 15th ACM Conference on Computer and Communications Security , Alexandria, Virginia, USA

2007

TinyRNG: A Cryptographic Random Number Generator for Wireless Sensors Network Nodes
Francillon, Aurélien, Castelluccia, Claude
5th International Symposium on Modeling and Optimization in Mobile, Ad Hoc and Wireless Networks and Workshops, 2007. WiOpt 2007

2005

Impacts of packet scheduling and packet loss distribution on FEC Performances: observations and recommendations
Neumann, Christoph, Roca, Vincent, Francillon, Aurélien, Furodet, David
CoNEXT '05: Proceedings of the 2005 ACM Conference on Emerging Network Experiment and Technology , Toulouse, France

Other publications (tech reports, demos, etc...)

[1]
Claudio Marforio, Francillon Aurélien, and Srdjan Čapkun. Application collusion attack on the permission-based security model and its implications for modern smartphone systems. Technical Report 724, ETH Zurich, April 2011. [ bib | .pdf ]
[2]
Claude Castelluccia and Aurélien Francillon. Sécurité dans les réseaux de capteurs (invited paper). In SSTIC 08 Symposium sur la Sécurité des Technologies de l'Information et des Communications 2008, Rennes, France, June 2008. [ bib | .pdf ]
[3]
Aurelien Francillon. Roadsec&sens : Réseaux de capteurs sécurisés, application á la sécurité routière. Demo at XIVes Rencontres INRIA - Industrie Confiance et Sécurité, October 2007. Demo, of the onging work in the ubisec&sens project, Vehicular Demonstrator. [ bib | .pdf ]
[4]
A. Francillon, V. Roca, C. Neumann, and P. Moniot. Method for ciphering data with error correction code, May 2011. US Patent 7,941,725 (a.k.a. EP Patent 1,964,301; WO Patent WO/2007/074,296 ; EP Patent 1,802,022 ; US Patent App. 12/086,899). [ bib ]
[5]
Aurélien Francillon, Vincent Roca, Christoph Neumann, and Pascal Moniot. Secure error-correction code. US Patent 20070174754, December 2005. [ bib | .html ]
[6]
Vincent Roca, Aurélien Francillon, and Sébastien Faurite. RFC 5776: Use of timed efficient stream loss-tolerant authentication (tesla) in the asynchronous layered coding (alc) and nack-oriented reliable multicast (norm) protocols. IETF Request for Comments, April 2010. RFC 5776. [ bib | .txt ]
[7]
STMicroelectronics/AST and INRIA/Planete. LDPC benchmarking for DVB-H. Document submitted to the DVB-H CDP Working Group, December 2005. [ bib | .pdf ]
[8]
Aurélien Francillon and Sylvain Deswaerte. Rohc, robust header compression, rtp/udp/ip demo. Demo at International Workshop on Multimedia Interactive Protocols and Systems (MIPS'04), October 2005. [ bib | .pdf ]