About

Yves Younan leads the Vulnerability Discovery & Research team within the Talos Security Intelligence and Research Group at Cisco. Cisco purchased Sourcefire in 2013.

Prior to joining Sourcefire's Vulnerability Research Team, he worked as a Security Researcher with BlackBerry Security. Before joining BlackBerry, he was an academic, founding the Native Code Security group within the DistriNet research group at the Katholieke Universiteit Leuven in Belgium.

He received a Master in Computer Science from the Vrije Universiteit Brussel and a PhD in Engineering: Computer Science from the Katholieke Universiteit Leuven. His PhD focussed on efficient countermeasures against code injection attacks on programs written in C and C++.

Twitter: https://twitter.com/ace_yy
Linked-in: https://www.linkedin.com/in/yyounan/

Conference papers

• FreeSentry: protecting against use-after-free vulnerabilities due to dangling pointers,
  Yves Younan, in Proceedings of the Network and Distributed System Security Symposium (NDSS) , San Diego, California, February 2015 [PDF]
• RIPE: Runtime Intrustion Prevention Evaluator,
  John Wilander, Nick Nikiforakis, Yves Younan, Mariam Kamkar, Wouter Joosen, in Proceedings of the 27th Annual Computer Security Applications Conference (ACSAC) , Orlando, Florida, December 2011 [PDF]
• Hello rootKitty: A lightweight invariance-enforcing framework,
  Francesco Gadaleta, Nick Nikiforakis, Yves Younan, Wouter Joosen, in Proceedings of the 14th Information Security Conference (ISC) , Xi'an, China, October 2011 [PDF]
• Code pointer masking: Hardening applications against code injection attacks,
  Pieter Philippaerts, Yves Younan, Stijn Muylle, Frank Piessens, Sven Lachmund, Thomas Walter, in Proceedings of the International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA) , Amsterdam, The Netherlands, July 2011 [PDF]
• Sessionshield: Lightweight protection against session hijacking,
  Nick Nikiforakis, Wannes Meert, Yves Younan, Martin Johns, Wouter Joosen, in Proceedings of the International Symposium on Engineering Secure Software and Systems (ESSoS) , Madrid, Spain, February 2011 [PDF]
• ValueGuard: Protection of native applications against data-only buffer overflows,
  Steven Van Acker, Nick Nikiforakis, Pieter Philippaerts, Yves Younan, Frank Piessens, in Proceedings of the 6th International Conference on Information Systems Security (ICISS) , Gandhinagar Gujarat, India, December 2010 [PDF]
• JITSEC: Just-in-time: security for code injection attacks,
  Willem De Groef, Nick Nikiforakis, Yves Younan, Frank Piessens, in Proceedings of the Benelux Workshop on Information and System Security (WISSEC) , Nijmegen, The Netherlands, November 2010 [PDF]
• Hproxy: Client-side detection of SSL stripping attacks,
  Nick Nikiforakis, Yves Younan, Wouter Joosen, in Proceedings of the International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA) , Bonn, Germany, July 2010 [PDF]
• Paricheck: An efficient pointer arithmetic checker for C programs,
  Yves Younan, Pieter Philippaerts, Lorenzo Cavallaro, R. Sekar, Frank Piessens, Wouter Joosen, in Proceedings of the ACM Symposium on Information, Computer and Communications Security (ASICACCS) , Bejing, China, April 2010 [PDF]
• Efficient and effective buffer overflow protection on ARM processors,
  Raoul Strackx, Yves Younan, Pieter Philippaerts, Frank Piessens, in Proceedings of the Information Security Theory and Practices: Security and Privacy of Pervasive Systems and Smart Devices , Passau, Germany, April 2010 [PDF]
• Bubble: a JavaScript engine level countermeasure against heap-spraying attacks,
  Francesco Gadaleta, Yves Younan, Wouter Joosen, in Proceedings of the International Symposium on Engineering Secure Software and Systems (ESSoS) , Pisa, Italy, February 2010 [PDF]
• Filter-resistant code injection on ARM,
  Yves Younan, Pieter Philippaerts, Frank Piessens, Wouter Joosen, Sven Lachmund, Thomas Walter, in Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS) , Chicago, Illinois, November 2009 [PDF]
• Protecting global and static variables from buffer overflow attacks,
  Yves Younan, Frank Piessens, Wouter Joosen, in Proceedings of the 3rd International Workshop on Secure Software Engineering (SecSE) , Fukuoka, Japan, March 2009 [PDF]
• Breaking the memory secrecy assumption,
  Raoul Strackx, Yves Younan, Pieter Philippaerts, Frank Piessens, Sven Lachmund, Thomas Walter, in Proceedings of the European Workshop on System Security (Eurosec) , Nuremberg, Germany, March 2009 [PDF]
• Instruction-level countermeasures against stack-based buffer overflow attacks,
  Francesco Gadaleta, Yves Younan, Bart Jacobs, Wouter Joosen, Erik De Neve, Nils Beosier, in Proceedings of the EuroSys Workshop on Virtualization Technology for Dependable Systems (VTDS) , Nuremberg, Germany, March 2009 [PDF]
• Extended protection against stack smashing attacks without performance loss,
  Yves Younan, Wouter Joosen, Frank Piessens, in Proceedings of the 22nd Annual Computer Security Applications Conference (ACSAC) , Miami, Florida, December 2006 [PDF]
• Efficient protection against heap-based buffer overflows without resorting to magic,
  Yves Younan, Wouter Joosen, Frank Piessens, in Proceedings of the International Conference on Information and Communication Security (ICICS) , Raleigh, North Carolina, December 2006 [PDF]
• Applying machinemodel-aided countermeasure design to improve memory allocator security,
  Yves Younan, Wouter Joosen, Frank Piessens, in Proceedings of the 22nd Chaos Communication Congress (CCC) , Berlin, Germany, December 2005 [PDF]
• A methodology for designing countermeasures against current and future code injection attacks,
  Yves Younan, Wouter Joosen, Frank Piessens, in Proceedings of the 3rd IEEE International Information Assurance Workshop (IWIA) , College Park, Maryland, March 2005 [PDF]

Journal Articles

• CPM: Masking Code Pointers to Prevent Code Injection Attacks,
  Pieter Philippaerts, Yves Younan, Stijn Muylle, Frank Piessens, Sven Lachmund, Thomas Walter, ACM Transactions on Information and System Security (TISSEC) , 16(1) , June 2013 [PDF]
• Runtime countermeasures for code injection attacks against C and C++ programs,
  Yves Younan, Wouter Joosen, Frank Piessens, ACM Computing Surveys , 44(3) , June 2012 [PDF]
• Filter-resistant code injection on ARM,
  Yves Younan, Pieter Philippaerts, Frank Piessens, Wouter Joosen, Sven Lachmund, Thomas Walter, Journal in Computer Virology , 7(3) , August 2011 [PDF]
• Improving memory management security for C and C++. ,
  Yves Younan, Wouter Joosen, Frank Piessens, Hans Van den Eynden, International Journal of Secure Software Engineering , 1(2) , June 2010 [PDF]
• Alphanumeric RISC ARM shellcode,
  Yves Younan, Pieter Philippaerts, Phrack , 66 , June 2009 [TXT]

Books, Book Chapters and Theses

• Low-level Software Security by Example,
  Ulfar Erlingsson, Yves Younan, Frank Piessens, Springer , chapter in Handbook of Communication and Information Security , April 2010 [Amazon]
• Security Middleware for Mobile Applications,
  Bart De Win, Tom Goovaerts, Wouter Joosen, Pieter Philippaerts, Frank Piessens, Yves Younan, Springer , chapter in Middleware for Network Eccentric and Mobile Applications , April 2009 [Amazon]
• Memory error exploits in C: vulnerabilities and countermeasures,
  Yves Younan, Wouter Joosen, VDM-Verlag , October 2008 [Amazon]
• Efficient countermeasures for software vulnerabilities due to memory management errors,
  Yves Younan, PhD Thesis, Katholieke Universiteit Leuven , May 2008 [PDF]
• An overview of common programming security vulnerabilities and possible solutions,
  Yves Younan, Master Thesis, Vrije Universiteit Brussel , September 2003 [PDF]

Contact

First two letters of my first name, followed by my last name at fort-knox.org.
So if my name was John Smith, that would be josmith@fort-knox.org.