Nicholas DeMarinis scite author profile

Nicholas DeMarinis

3Publications

83Citation Statements Received

87Citation Statements Given

How they've been cited

How they cite others

101

Affiliations

Providence College, Brown University, John Brown University

Publications

Order By: Most citations

Large-scale Debloating of Binary Shared Libraries

et al. 2020

View full text Add to dashboard Cite

Developers nowadays have access to an arsenal of toolkits and libraries for rapid application prototyping. However, when an application loads a library, the entirety of that library’s code is mapped into the process address space, even if only a single function is actually needed. The unused portion is bloat that can negatively impact software defenses by unnecessarily inflating their overhead or increasing the attack surface. In this article, we investigate whether debloating is possible and practical at the binary level. To this end, we present Nibbler : a system that identifies and erases unused functions within dynamic shared libraries. Nibbler works in tandem with defenses such as continuous code re-randomization and control-flow integrity, enhancing them without incurring additional run-time overhead. We developed and tested a prototype of Nibbler on x86-64 Linux; Nibbler reduces the size of shared libraries and the number of available functions, for real-world binaries and the SPEC CINT2006 suite, by up to 56% and 82%, respectively. We also demonstrate that Nibbler benefits defenses by showing that: (i) it improves the deployability of a continuous re-randomization system for binaries, namely, Shuffler, by increasing its efficiency by 20%, and (ii) it improves certain fast but coarse and context-insensitive control-flow integrity schemes by reducing the number of gadgets reachable through indirect branch instructions by 75% and 49%, on average. Last, we apply Nibbler on ≈30K C/C++ binaries and ≈5K unique dynamic shared libraries (i.e., almost the complete set of the Debian sid distribution), as well as on nine official Docker images (with millions of downloads in Docker Hub), reporting entrancing findings regarding code bloat at large.

show abstract

Scanning the Internet for ROS: A View of Security in Robotics Research

DeMarinis¹,

Tellex²,

Kemerlis³

et al. 2019

View full text Add to dashboard Cite

Because robots can directly perceive and affect the physical world, security issues take on particular importance. In this paper, we describe the results of our work on scanning the entire IPv4 address space of the Internet for instances of the Robot Operating System (ROS), a widely used robotics platform for research. Our results identified that a number of hosts supporting ROS are exposed to the public Internet, thereby allowing anyone to access robotic sensors and actuators. As a proof of concept, and with consent, we were able to read image sensor information and move the robot of a research group in a US university. This paper gives an overview of our findings, including the geographic distribution of publiclyaccessible platforms, the sorts of sensor and actuator data that is available, as well as the different kinds of robots and sensors that our scan uncovered. Additionally, we offer recommendations on best practices to mitigate these security issues in the future.

show abstract

Toward Usable Network Traffic Policies for IoT Devices in Consumer Networks

DeMarinis

Fonseca

2017

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.