Publications

Electronic version are available here for personal usage only. All copyrights remain to authors and copyright owners.

2011

• Gabriela Gheorghe, Bruno Crispo, Roberto Carbone, Lieven Desmet, Wouter Joosen, Deploy, adjust and readjust: Supporting dynamic reconfiguration of policy enforcement, ACM/IFIP/USENIX 12th International Middleware Conference, volume 7049, Lisboa, Portugal, 12-16 December 2011  [download] [bibtex]
• Steven Van Acker, Philippe De Ryck, Lieven Desmet, Frank Piessens, Wouter Joosen, WebJail: Least-privilege integration of third-party components in web mashups, Proceedings of the 27th Annual Computer Security Applications Conference, volume 1, issue 1, pages 307-316, Orlando, Florida, USA, 5-9 December 2011  [download] [bibtex]
• Philippe De Ryck, Lieven Desmet, Wouter Joosen, Frank Piessens, Automatic and precise client-side protection against CSRF attacks, European Symposium on Research in Computer Security (ESORICS 2011), Lecture Notes in Computer Science, volume 6879, pages 100-116, Leuven, Belgium, 12-14 September 2011  [download] [bibtex]
• Philippe De Ryck, Lieven Desmet, Pieter Philippaerts, Frank Piessens, A security analysis of next generation web standards, Technical Report, European Network and Information Security Agency (ENISA), 31 July 2011  [download] [bibtex]
• Tom Goovaerts, Lieven Desmet, Wouter Joosen, Scalable authorization middleware for service oriented architectures, Engineering Secure Software and Systems, Madrid, Spain, 9-10 February 2011  [download] [bibtex]
• Philippe De Ryck, Lieven Desmet, Wouter Joosen, Middleware support for complex and distributed security services in multi-tier web applications, Engineering Secure Software And Systems, Lecture Notes in Computer Science, Madrid, Spain, 9-10 February 2011  [download] [bibtex]
• Philippe De Ryck, Maarten Decat, Lieven Desmet, Frank Piessens, Wouter Joosen, Security of web mashups: a survey, Information Security Technology for Applications,15th Nordic Conference in Secure IT Systems (NordSec 2010), LNCS Vol. 7127, pages 223-238, Aalto University, Espoo, Finland, 27-30 October 2010 [download] [bibtex]

2010

• Lieven Desmet, Philippe De Ryck, CsFire: browser-enforced mitigation against CSRF, BruCON Security Conference 2010, Brussels, 24-25 September 2010 [abstract] [presentation]
• Lieven Desmet, Philippe De Ryck, CsFire: Browser-enforced mitigation against CSRF, OWASP AppSec Research 2010, Stockholm, Sweden, 23-24 June 2010 [abstract] [presentation]
• Maarten Decat, Philippe De Ryck, Lieven Desmet, Frank Piessens, Wouter Joosen, Towards building secure web mashups, OWASP AppSec Research 2010, Stockholm, Sweden, 23-24 June 2010 [download]
• Philippe De Ryck, Lieven Desmet, Thomas Heyman, Frank Piessens, Wouter Joosen, CsFire: Transparent client-side mitigation of malicious cross-domain requests, Lecture Notes in Computer Science, volume 5965, pages 18-34, Pisa, Italy, 3-4 February 2010 [download] [bibtex]

2009

• Wim Maes, Thomas Heyman, Lieven Desmet, Wouter Joosen, Browser protection against cross-site request forgery, Proceedings of the first ACM workshop on Secure execution of untrusted code, pages 3-10, Chicago, Illinois, USA, 9 November 2009 [download] [bibtex]
• Lieven Desmet, CSRF: the nightmare becomes reality?, OWASP AppSec Europe 2009, Poland, 13-14 May 2009 [presentation] [bibtex]
• Lieven Desmet, Wouter Joosen, Fabio Massacci, Naliuka Katsiaryna, Pieter Philippaerts, Frank Piessens, Dries Vanoverberghe, The S3MS.NET run time monitor, Lecture Notes in Computer Science, pages 47-52, York, 29 March 2009. [download] [bibtex]
• Lieven Desmet, Wouter Joosen, Fabio Massacci, Katsiaryna Naliuka, Pieter Philippaerts, Frank Piessens, Ida Siahaan, Dries Vanoverberghe, A security architecture for Web 2.0 applications, Towards the Future Internet - A European Research Perspective, 2009. [download] [bibtex]

2008

• Lieven Desmet, Wouter Joosen, Fabio Massacci, Pieter Philippaerts, Frank Piessens, Ida Siahaan, Dries Vanoverberghe, Security-by-contract on the .NET platform, Information security technical report, issue 1, volume 13, pages 25-32, 15 May 2008. [download] [bibtex] [doi]
• Lieven Desmet, Pierre Verbaeten, Wouter Joosen, and Frank Piessens, Provable Protection against Web Application Vulnerabilities Related to Session Data Dependencies, IEEE Transactions on Software Engineering, vol. 34,  no. 1,  pp. 50-64,  Jan.,  2008. [download] [bibtex] [doi] [Accompagning website]

2007

• Lieven Desmet, Fabio Massacci and Katsiaryna Naliuka, Multisession Monitor for .NET Mobile Applications: Theory and Implementation, presented at the 12th Nordic Workshop on Secure IT Systems, NordSec 2007. [download] [bibtex]
• Lieven Desmet, Wouter Joosen, Fabio Massacci, Katsiaryna Naliuka, Pieter Philippaerts, Frank Piessens, Dries Vanoverberghe, A flexible security architecture to support third-party applications on mobile devices, in Proceedings of the 2007 ACM workshop on Computer Security Architecture (CSAW 2007). [download] [bibtex] [doi]

2006

• Lieven Desmet, Frank Piessens, Wouter Joosen, and Pierre Verbaeten, Bridging the Gap Between Web Application Firewalls and Web Applications. Accepted at Formal Methods in Security Engineering (FMSE'06), November 3, Alexandria, Virginia, USA. [download] [bibtex] [doi]
• Lieven Desmet, Bart Jacobs, Frank Piessens, Wolfram Schulte, Jan Smans, Dries Vanoverberghe, Concern-specific annotation languages to support static detection of bugs in Java-like programs, presented at FMCO 2006. [download]
• Lieven Desmet, Frank Piessens, Wouter Joosen, and Pierre Verbaeten, Static Verification of Indirect Data Sharing in Loosely-coupled Component Systems. In SC 2006, (W. Löwe and M. Südholt, eds.), vol. 4089/2006, Lecture Notes in Computer Science, Springer-Verlag Berlin Heidelberg, 2006, pp.34-49. [download] [bibtex] [doi] [Accompagning website]

2005

• S. Michiels, N. Janssens, L. Desmet, T. Mahieu, W. Joosen, and P. Verbaeten, A component platform for flexible protocol stacks. In Component-Based Software Development for Embedded Systems: An Overview of Current Research Trends, (Atkinson, C. and Bunse, C. and Gross, H-G. and Peper, C., eds.), vol. 3778/2005, Lecture Notes in Computer Science, Springer-Verlag, GmbH, November, 2005, pp.185-208. [download] [bibtex] [doi]
• L. Desmet, F. Piessens, W. Joosen, and P. Verbaeten. Dependency analysis of the GatorMail webmail application, Report 427, Department of Computer Science, K.U.Leuven, Leuven, Belgium, September 2005. [download] [download without appendices] [bibtex]

2004

• L. Desmet, N. Janssens, S. Michiels, F. Piessens, W. Joosen and P. Verbaeten. Towards Preserving Correctness in Self-Managed Software Systems. In Proceedings of the Workshop on Self-Managing Systems (WOSS'04), New Port Beach, CA, USA, 2004. [download] [bibtex] [doi]
• N. Janssens , L. Desmet, S. Michiels and P. Verbaeten, NeCoMan: Middleware for Safe Distributed Service Deployment in Programmable Networks. In Proceedings of the Middleware 2004 Workshop on Reflective and Adaptive Middleware (RM 2004), October 2004, Ontario, Canada. [download] [bibtex] [doi]
• L. Desmet, B. Jacobs, F. Piessens, and W. Joosen, A generic architecture for web applications to support threat analysis of infrastructural components. In Proceedings of the Eighth IFIP TC-6 TC-11 Conference on Communications and Multimedia Security (CMS 2004), September 2004, UK. [download] [bibtex] [doi]
• L. Desmet, B. Jacobs, F. Piessens, and W. Joosen, Threat Modelling for web services based web applications. In Proceedings of the Eighth IFIP TC-6 TC-11 Conference on Communications and Multimedia Security (CMS 2004), September 2004, UK. [download] [bibtex] [doi]
• L. Desmet, F. Piessens, W. Joosen and P. Verbaeten. Improving software reliability in data-centered software systems by enforcing composition time constraints. In Proceedings of the ICSE/DSN 2004 Twin Workshop on Architecting Dependable Systems (WADS 2004). [download] [bibtex]
• S. Michiels, L. Desmet, W. Joosen and P. Verbaeten. The DiPS+ Software Architecture for Self-healing Protocol Stacks. In Proceedings of the 4th Working IEEE/IFIP Conference on Software Architecture (WICSA-4), Oslo, Norway, June 2004. [download] [bibtex] [doi]
• L. Desmet, F. Piessens, W. Joosen and P. Verbaeten. Infrastructural support for data dependencies in data-centered software systems. Poster abstract, Proceedings of the Third AOSD Workshop on Aspects, Components, and Patterns for Infrastruture Software (ACP4IS). [download] [bibtex]
• S. Michiels, L. Desmet and P. Verbaeten. A DiPS+ Case Study: A Self-healing RADIUS Server, Report CW 378, Departement of Computer Science, K.U.Leuven, Leuven, Belgium, February 2004. [download] [bibtex]

2003

• L. Desmet, L. Jaco, K. Mertens, and T. Verhanneman. COTS, the safety nightmare of component-oriented frameworks. Report CW 367, Department of Computer Science, K.U.Leuven, Leuven, Belgium, September 2003. [download] [bibtex]

2002

• S. Michiels, L. Desmet, N. Janssens, T. Mahieu, and P. Verbaeten. Self-adapting concurrency: The DMonA architecture. In D. Garlan, J. Kramer, and A. Wolf, editors, Proceedings of the First Workshop on Self-Healing Systems (WOSS'02), pages 43-48, Charleston, SC, USA, 2002. ACM SIGSOFT, ACM press. [download] [bibtex] [doi]
• L. Desmet. Adaptive System Software with the DiPS Component Framework. Master's thesis, K.U.Leuven, Dept. Computer Science, Leuven, Belgium, May 2002. [download] [bibtex]