Hector Marco

Concluding PhD in Computer Science, Cyber Security


My name is Hector Marco. I am doing a computer science Ph.D. on security systems at the Departamento de Informática de Sistemas y Computadores (DISCA) in the Universitat Politècnica de València (UPV). My research aims to identify and thwart critical security threats, focusing on servers and smartphone platforms. I am interested in the design and study of low-level protection mechanisms in order to improve them. I particularly enjoyed hacking the libraries and the kernel of Linux.

I am fortunate to be advised by Prof. Ismael Ripoll who is supervising my thesis.

Education

Present PhD in Computer Science, Cyber Security UPV
2010 Master's degree, Industrial Computing and Control Systems UPV
2009 Bachelor of Science in Computer Science UPV

Professional background

2010 - present Cyber-Security researcher UPV
2014 - 2014 Visiting researcher at Czech Technical University in Prague UPV
2007 - 2010 Research fellow UPV

Patents

Title :   Renew Stack Smashing Protector (RenewSSP)
Inventors :   Hector Marco & Ismael Ripoll
Date :   August 2013
Status :   Patentability analysis


Publications

On the Effectiveness of Full-ASLR on 64-bit Linux - A new disclosure! [+info]
Héctor Marco and Ismael Ripoll.
In-Depth Security Conference 2014 Europe (DEEPSEC 2014)

On the effectiveness of NX, SSP, RenewSSP and ASLR against stack buffer overflows [PDF]
Héctor Marco and Ismael Ripoll.
The 13th IEEE International Symposium on Network Computing and Applications (IEEE NCA14)

Preventing Memory Error Exploitation Through Emulation-based Processor Diversification [Book]
Héctor Marco, Ismael Ripoll, Juan-Carlos Ruiz and David De Andrés.
Emerging Trends in ICT Security, 1st Edition (ICT 2013)

Preventing brute force attacks against stack canary protection on networking servers [PDF]
Héctor Marco and Ismael Ripoll.
The 12th IEEE International Symposium on Network Computing and Applications (IEEE NCA13)

Preventing Memory Errors in Networked Vehicle Services Through Diversification [PDF]
Héctor Marco, Juan-Carlos Ruiz, David De Andrés and Ismael Ripoll.
Proceedings of Workshop CARS (2nd Workshop on Critical Automotive applications: Robustness & Safety) of the 32nd International Conference on Computer Safety, Reliability and Security. (Safecomp 2013)



Research collateral effects


Published CVEs


Date  CVE #          Product               Description                Vulnerability type

2014  CVE-2014-XXXX  Linux                 To be disclosed            To be disclosed
2014  CVE-2014-XXXX  Android               To be disclosed            To be disclosed
2014  CVE-2014-XXXX  Grub2                 To be disclosed            To be disclosed
2014  CVE-2014-5439  sniffit <= 0.3.7      Root shell                 Stack buffer overflow
2014  CVE-2013-6825  DCMTK <= 3.6.1        Root Privilege escalation  Drop privileges failed
2014  CVE-2014-1226  s3dvt <= 0.2.2        Root shell (II)            Drop privileges failed
2013  CVE-2013-6876  s3dvt <= 0.2.2        Root shell (I)             Drop privileges failed
2013  CVE-2013-4788  Eglibc/Glibc <= 2.17  No pointer protection      Incorrect implementation

Other Vulnerabilities


Date  Product            Description      Vulnerability type

2014  Bash <= 4.3        Root shell       Bash drop privileges failed
2014  Bash <= 4.3        Crash            Bash improper input handling
2014  Irssi <= 8.16-rc1  Root shell       Irssi drop privileges failed
2014  Konica printer     To be disclosed  To be disclosed


Projects with active participation (most relevant)

2012 - 2014 High Integrity Partitioned Embedded Systems UPV
2010 - 2012 System Impact of Distributed Multicore systems (EADS) UPV
2009 - 2011 Securization of embedded systems UPV
2008 - 2009 TECOM: Trusted Embedded Computing UPV
2008 - 2009 Securization of distributed embedded systems UPV

Other research activities

Journal :   Special issue on emerging trends in adaptive computation for mobiquitous systems
Activity :   reviewer
Date :   2014
Link :   ETACMOS 2014

Conference :   Latin-American Symposium on Dependable Computing
Activity :   reviewer
Date :   2012
Place :   Rio de Janeiro, Brazil
Link :   LADC 2013