|
|
Juan Caballero
Ph.D. Candidate
Electrical and Computer Engineering
Department
Carnegie Mellon
University
Currently I am visiting at UC
Berkeley
Contact:
Phone:
(510) 643-0171
Address:
Soda
Hall 517
Computer
Science
Division
University
of
California
Berkeley, CA
94720-1776
USA |
I am
a Ph.D
candidate at ECE in Carnegie
Mellon University
advised by Professor Dawn
Song.
Currently, I am visiting at EECS in UC Berkeley where my advisor got a
position.
My interest
lies
in
Computer Security and
Networking with an
emphasis on
Network Security. I
have
done
research
on Binary
Analysis, Web Security,
Protocol
Reverse Engineering, Fingerprinting, Network
Robustness
against failures,
Anomaly
Detection, Worm
Detection,
and
Intrusion
Detection.
I am a
member of both the Bitblaze and Webblaze research groups.
The
Bitblaze research group focuses on applying
binary
analysis techniques to
different security
problems,
while the Webblaze
research group focuses on improving
web security.
Before coming
to
CMU, I
received a
Telecommunication
Engineer degree
from Universidad
Politecnica
de
Madrid (UPM)
in
Madrid,
Spain
and a
M.Sc. in Electrical and
Computer
Engineering
from
the Royal Institute
of
Technology
(KTH) in
Stockholm,
Sweden.
During my studies I
have been fortunate
to work
with many outstanding
people,
including Chenxi
Wang at
Forrester Research,
Christopher
Olston at Yahoo Research, Vern
Paxson
at ICSI / UC Berkeley,
Jennifer Yates and
Jia
Wang at AT&T Research Labs,
George Liu and
Gerald "Chip" Maguire at
KTH.
In October 2003 I was awarded the La Caixa
Foundation Fellowship, arguably the most
prestigious fellowship for
international graduate
studies
awarded in Spain.
Starting in May
2002 and
for two
years I held positions as R&D
Engineer
and
Systems Engineer in Orange (formerly Amena),
a spanish cell phone carrier.
Bug Finding
CVE-2008-3465 (MS08-071)
Heap-based buffer overflow in an
gdi32.dll
Affects: Microsoft Windows
2000 SP4, XP
SP2 and SP3, Server
2003 SP1 and SP2, Vista Gold and SP1, and
Server
2008
Publications
Refereed
- [RAID 2009] Towards Generating High Coverage Vulnerability-Based
Signatures with Protocol-Level Constraint-Guided
Exploration
Juan Caballero, Zhenkai Liang, Pongsin Poosankam, and
Dawn Song.
In
Proceedings of the 12th
International Symposium on Recent Advances in
Intrusion Detection,
Saint-Malo,
France,
September 2009.
- [Oakland 2009] Secure Content Sniffing for Web Browsers or How to Stop
Papers from Reviewing Themselves
PDF Bibtex
Adam
Barth, Juan Caballero, and Dawn Song.
In
Proceedings of the 30th IEEE
Symposium on Security &
Privacy,
Oakland, CA,
May 2009.
Acceptance Rate:
10.2%
Our
String-Enhanced White-Box
Exploration technique is detailed
in our
companion Technical
Report
- [ICISS2008] BitBlaze: A New Approach to Computer Security via Binary
Analysis
PDF Bibtex
Dawn Song, David
Brumley, Heng Yin, Juan
Caballero, Ivan Jager, Min Gyung
Kang, Zhenkai Liang, James
Newsome,
Pongsin Poosankam, and
Prateek Saxena
.
In
Proceedings of the 4th International
Conference on
Information Systems Security,
Hyderabad,
India,
December 2008.
*
Invited
paper
- [NDSS 2008] Would Diversity Really Increase the Robustness of the
Routing Infrastructure against Software
Defects? PDF Bibtex
Juan Caballero, Theocharis
Kampouris, Dawn Song, and Jia Wang.
In
Proceedings of the 15th
Annual Network and
Distributed System Security Symposium, San Diego,
CA,
February
2008.
Acceptance Rate: 17.8%
We
also have
an extended, though
less
polished, version
containing all the
algorithms and more results PDF
- [CCS 2007] Polyglot: Automatic
Extraction of Protocol Message Format using
Dynamic Binary Analysis.
PDF Bibtex Slides
Juan Caballero,
Heng Yin, Zhenkai Liang, and Dawn Song.
In
Proceedings of the 14th ACM
Conference on Computer
and Communication Security, Alexandria, VA,
October
2007.
Acceptance Rate:
18.0%
- [USENIX Security 2007] Towards
Automatic Discovery of Deviations in Binary
Implementations with
Applications to Error
Detection and Fingerprint Generation. PDF Bibtex
David Brumley, Juan Caballero, Zhenkai
Liang, James Newsome, and Dawn Song.
In
Proceedings of the 16th USENIX
Security Symposium,
Boston, MA, August 2007.
Acceptance
Rate: 12.3%
*
Conference
Best
Paper
Award
- [DIMVA 2007] Distributed Evasive Scan Techniques and Countermeasures.
PDF Bibtex
Min Gyung Kang, Juan Caballero, and
Dawn Song.
In Proceedings of the Fourth GI
International Conference on
Detection of
Intrusions & Malware, and
Vulnerability
Assessment,
Lucerne, Switzerland, July
2007.
Acceptance
Rate: 24.5%
- [NDSS 2007] FiG:
Automatic Fingerprint Generation. PDF Bibtex
Juan Caballero, Shobha Venkataraman,
Pongsin Poosankam, Min Gyung Kang, Dawn Song and
Avrim Blum.
In Proceedings
of the 14th Annual
Network and Distributed System
Security
Symposium,
San
Diego, CA,
February 2007.
Acceptance Rate: 14.4%
- [HOTNETS 2006] Black-box Anomaly Detection:
Is it Utopian? PDF Bibtex
Shobha Venkataraman, Juan Caballero,
Dawn Song, Avrim Blum and Jennifer Yates.
In
Proceedings of the Fifth
Workshop on Hot Topics in
Networking (HotNets-V), Irvine, CA, November
2006.
Acceptance Rate: 20.1%
Technical Reports
-
UCB-EECS-2009-36: Extracting Models of
Security-Sensitive
Operations using String-Enhanced
White-Box
Exploration on Binaries
PDF Bibtex
Juan Caballero,
Stephen McCamant, Adam Barth, and
Dawn Song.
EECS Department,
University of
California, Berkeley.
Publication
Date: March 6,
2009
-
CMU-CyLab-08-009: Towards Generating High
Coverage Vulnerability-based Signatures with
Protocol-level
Constraint-guided
Exploration PDF Bibtex
Juan
Caballero, Zhenkai Liang,
Pongsin Poosankam, and Dawn
Song.
Cylab, Carnegie Mellon
University.
Publication
Date: June 24,
2008
-
CMU-CyLab-07-014: Rosetta: Extracting Protocol
Semantics using Binary Analysis with Applications
to
Protocol Replay and
NAT
Rewriting PDF Bibtex
Juan
Caballero and Dawn Song.
Cylab,
Carnegie Mellon
University.
Publication Date:
October 9,
2007
Thesis
Juan Caballero and
Daniel
Malmkvist.
M.Sc. thesis at Royal
Institute of
Technology, Stockholm,
Sweden, January
2002.