portrait




Hector Marco

PhD student in Computer Science, Cyber Security


My name is Hector Marco. I am doing a computer science Ph.D on Security systems at Institute of Computer Technology in the Universitat Politècnica de València. My research aims to identify and thwart critical security threats focusing on servers and smartphone platforms. I am interested on design and the study of low level protection mechanism to improve it. I particularly enjoyed hacking the libraries and the kernel of Linux.

I am fortunate to be advised by Prof. Ismael Ripoll who is supervising my thesis.

Education

Present       PhD in Computer Science - UPV

2010           Master's degree, Industrial Computing and Control Systems - UPV

2009           Bachelor of Science in Computer Science - UPV


Professional background

2010 - present       Security researcher - UPV

2007 - 2010           Researcher fellow - UPV


Patents

Title :   Renew Stack Smashing Protector (RenewSSP)
Inventors :   Hector Marco & Ismael Ripoll
Date :   August 2013
Status :   Patentability analysis

Publications

Preventing Memory Error Exploitation Through Emulation-based Processor Diversification [Book]
Héctor Marco, Ismael Ripoll, Juan-Carlos Ruiz and David De Andrés.
Emerging Trends in ICT Security, 1st Edition (ICT 2013)

Preventing brute force attacks against stack canary protection on networking servers [PDF]
Héctor Marco and Ismael Ripoll.
The 12th IEEE International Symposium on Network Computing and Applications (IEEE NCA13)

Preventing Memory Errors in Networked Vehicle Services Through Diversification [PDF]
Héctor Marco, Juan-Carlos Ruiz, David De Andrés and Ismael Ripoll.
Proceedings of Workshop CARS (2nd Workshop on Critical Automotive applications: Robustness & Safety) of the 32nd International Conference on Computer Safety, Reliability and Security. (Safecomp 2013)


Research collateral effects

2014           DCMTK <= 3.6.1 - DCMTK 3.6.1 Privilege escalation - CVE-2013-6825

2014           Bash <= 4.3 - Bash 4.3 setuid() bug

2014           s3dvt <= 0.2.2 - s3dvt-0.2.2 root shell - CVE-2013-6876

2014           s3dvt <= 0.2.2 - s3dvt-0.2.2 root shell - CVE-2014-1226

2014           Bash <= 4.3 - Bash 4.3 internal crash printf

2014           Irssi <= 8.16-rc1 - Irssi setuid() bug

2013           Eglibc/Glibc <= 2.17 - Glibc Mangle vulnerability - CVE-2013-4788


Projects with active participation (most relevant)

2012 - 2014       High Integrity Partitioned Embedded Systems - GII-UPV

2010 - 2012       System Impact of Distributed Multicore systems (EADS) - GII-UPV

2009 - 2011       Securization of embedded systems - GII-UPV

2008 - 2009       TECOM: Trusted Embedded Computing - GII-UPV

2008 - 2009       Securization of distributed embedded systems - GII-UPV


Other research activities

Journal :   Special issue on emerging trends in adaptive computation for mobiquitous systems
Activity :   reviewer
Date :   2014
Link :   ETACMOS 2014

Confer. :   Latin-American symposium on Dependable Computing
Activity :   reviewer
Date :   2012
Place :   Rio de janeiro, brasil
Link :   LADC 2013