portrait




Hector Marco

PhD student in Computer Science, Cyber Security

My name is Hector Marco. I am doing a computer science Ph.D on Security systems at Institute of Computer Technology in the Universitat Politècnica de València. My research aims to identify and thwart critical security threats focusing on servers and smartphone platforms. I am interested on design and the study of low level protection mechanism to improve it. I particularly enjoyed hacking the libraries and the kernel of Linux.

I am fortunate to be advised by Prof. Ismael Ripoll who is supervising my thesis.

Education

Present       PhD in Computer Science - UPV

2010           Master's degree, Industrial Computing and Control Systems - UPV

2009           Bachelor of Science in Computer Science - UPV


Professional background

2010 - present       Security researcher - UPV

2007 - 2010           Researcher fellow - UPV


Patents

Title :   Renew Stack Smashing Protector (RenewSSP)
Inventors :   Hector Marco & Ismael Ripoll
Date :   August 2013
Status :   Patent Pending

Publications

Preventing Memory Error Exploitation Through Emulation-based Processor Diversification [Book]
Héctor Marco, Ismael Ripoll Juan-Carlos Ruiz, David De Andrés.
Emerging Trends in ICT Security, 1st Edition (ICT 2013)

Preventing brute force attacks against stack canary protection on networking servers [PDF]
Héctor Marco, Ismael Ripoll.
The 12th IEEE International Symposium on Network Computing and Applications (IEEE NCA13)

Preventing Memory Errors in Networked Vehicle Services Through Diversification [PDF]
Héctor Marco, Juan-Carlos Ruiz, David De Andrés, Ismael Ripoll.
Proceedings of Workshop CARS (2nd Workshop on Critical Automotive applications: Robustness & Safety) of the 32nd International Conference on Computer Safety, Reliability and Security. (Safecomp 2013)


Research collateral effects

2014           DCMTK <= 3.6.1 - DCMTK 3.6.1 Privilege escalation

2014           Bash <= 4.3 - Bash 4.3 setuid() BUG

2014           s3dvt <= 0.2.2 - s3dvt-0.2.2 root shell

2014           Bash <= 4.3 - Bash 4.3 internal crash printf

2014           Irssi <= 8.16-rc1 - Irssi setuid() bug

2013           Eglibc/Glibc <= 2.17 - Glibc Mangle vulnerability CVE-2013-4788


Projects with active participation (most relevant)

2012 - 2014       High Integrity Partitioned Embedded Systems - GII-UPV

2010 - 2012       System Impact of Distributed Multicore systems (EADS) - GII-UPV

2009 - 2011       Securization of embedded systems - GII-UPV

2008 - 2009       TECOM: Trusted Embedded Computing - GII-UPV

2008 - 2009       Securization of distributed embedded systems - GII-UPV


Other research activities

Conference :   Latin-American Symposium on Dependable Computing (LADC 2013).
Activity :   Reviewer
Date :   2012
Placey :   Rio de Janeiro, Brasil