Andrea Mambretti  Andrea Mambretti photo         

contact information

Security Researcher
Zurich Research Laboratory, Zurich, Switzerland
  +41dash44dash724dash84dash40

links



2021

Bypassing memory safety mechanisms through speculative control flow hijacks
Andrea Mambretti, Alexandra Sandulescu, Alessandro Sorniotti, William Robertson, Engin Kirda, Anil Kurmus
6th IEEE European Symposium on Security and Privacy (IEEE EuroS&P 2021), IEEE

GhostBuster: understanding and overcoming the pitfalls of transient execution vulnerability checkers
Andrea Mambretti, Pasquale Convertini, Alessandro Sorniotti, Alexandra Sandulescu, Engin Kirda, Anil Kurmus
28th IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER 2021), IEEE


2020

HotFuzz: Discovering Algorithmic Denial-of-Service Vulnerabilities Through Guided Micro-Fuzzing
William Blair, Andrea Mambretti, Sajjad Arshad, Michael Weissbacher, William Robertson, Engin Kirda, Manuel Egele
27th Annual Network and Distributed System Security Symposium, NDSS 2020 , The Internet Society


2019

Speculator: A Tool to Analyze Speculative Execution Attacks and Mitigations
Andrea Mambretti, Matthias Neugschwandtner, Alessandro Sorniotti, Engin Kirda, William Robertson, Anil Kurmus
35th Annual Computer Security Applications Conference (ACSAC 2019)

Two methods for exploiting speculative control flow hijacks
Andrea Mambretti, Alexandra Sandulescu, Matthias Neugschwandtner, Alessandro Sorniotti, Anil Kurmus
13th USENIX Workshop on Offensive Technologies (WOOT 19), USENIX Association, 2019


2018

Educational Game Design: An Empirical Study of the Effects of Narrative
Chaima Jemmali, Sara Bunian, Andrea Mambretti, Magy Seif El-Nasr
Proceedings of the 13th International Conference on the Foundations of Digital Games, pp. 34:1--34:10, ACM, 2018


2016

Trellis: Privilege Separation for Multi-User Applications Made Easy
Andrea Mambretti, Kaan Onarlioglu, Collin Mulliner, William Robertson, Engin Kirda, Federico Maggi, Stefano Zanero
International Symposium on Research in Attacks, Intrusions and Defenses (RAID), 2016

LAVA: Large-Scale Automated Vulnerability Addition
B. Dolan-Gavitt, P. Hulin, E. Kirda, T. Leek, A. Mambretti, W. Robertson, F. Ulrich, R. Whelan
2016 IEEE Symposium on Security and Privacy (SP), pp. 110-121




Projects and Groups


Technical Areas