About | Publications | Projects

About


I hold a B.Sc. in Physics from the University of Athens, an M.Sc. in Computer Science from the University of Crete, and a Ph.D. in Computer Science from the University of Crete. My Ph.D. was funded by Microsoft Research Cambridge.

I spent two years in beautiful NYC as an IOF Marie Curie fellow with Columbia University working with the awesome Network Security Lab. I am now with FORTH-ICS completing the final phase of my Marie Curie fellowship. My research interests include all aspects of systems' security and privacy. (CV)

Conferences/Journals


Face/Off: Preventing Privacy Leakage From Photos in Social Networks
Panagiotis Ilia, Iasonas Polakis, Elias Athanasopoulos, Federico Maggi, Sotiris Ioannidis
In Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS).
Denver, CO, US, October 2015.

Two-factor Authentication: Is the World Ready? Quantifying 2FA Adoption
Thanasis Petsas, Giorgos Tsirantonakis, Elias Athanasopoulos, and Sotiris Ioannidis
In Proceedings of the 8th European Workshop on System Security (EUROSEC 2015).
Bordeaux, France, April 2015.

The Devil is in the Constants: Bypassing Defenses in Browser JIT Engines
Michalis Athanasakis, Elias Athanasopoulos, Michalis Polychronakis, Georgios Portokalidis, and Sotiris Ioannidis
In Proceedings of the 22nd Network and Distributed System Security Symposium (NDSS 2015).
San Diego, CA, US, February 2015.

PixelVault: Using GPUs for Securing Cryptographic Operations
Giorgos Vasiliadis, Elias Athanasopoulos, Michalis Polychronakis, and Sotiris Ioannidis
In Proceedings of the 21st ACM Conference on Computer and Communications Security (CCS).
Scottsdale, Arizona, US, November 2014.

Flying Memcache: Lessons Learned from Different Acceleration Strategies
Dimitris Deyannis, Lazaros Koromilas, Giorgos Vasiliadis, Elias Athanasopoulos, and Sotiris Ioannidis
In Proceedings of the International Symposium on Computer Architecture and High Performance Computing (SBAC-PAD).
Paris, France, October 2014.

Size Does Matter - Why Using Gadget-Chain Length to Prevent Code-reuse Attacks is Hard
Enes Göktaş, Elias Athanasopoulos, Michalis Polychronakis, Herbert Bos, and Georgios Portokalidis
In Proceedings of the 23rd USENIX Security Symposium.
San Diego, CA, US, August 2014.

AndRadar: Fast Discovery of Android Applications in Alternative Markets
Martina Lindorfer, Stamatis Volanis, Alessandro Sisto, Matthias Neugschwandtner, Elias Athanasopoulos, Federico Maggi, Christian Platzer, Stefano Zanero, and Sotiris Ioannidis
In Proceedings of the 11th Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA).
Egham, UK, July 2014.

Out Of Control: Overcoming Control-Flow Integrity
Enes Göktaş, Elias Athanasopoulos, Herbert Bos, and Georgios Portokalidis
In Proceedings of the 35th IEEE Symposium on Security and Privacy (Oakland).
San Jose, CA, US, May 2014.
Enes won the DCSR best paper award!

Rage Against the Virtual Machine: Hindering Dynamic Analysis of Android Malware
Thanasis Petsas, Giannis Voyatzis, Elias Athanasopoulos, Michalis Polychronakis, and Sotiris Ioannidis
In Proceedings of the 7th ACM European Workshop on System Security (EUROSEC).
Amsterdam, The Netherlands, April 2014.

The man who was there: Fortifying the Economy of Location-Based Services
Iasonas Polakis, Stamatis Volanis, Elias Athanasopoulos, and Evangelos P. Markatos
In Proceedings of the 29th Annual Computer Security Applications Conference (ACSAC).
New Orleans, LA, US, December 2013.

SAuth: Protecting User Accounts from Password Database Leaks
Georgios Kontaxis, Elias Athanasopoulos, Georgios Portokalidis, and Angelos D. Keromytis
In Proceedings of the 20th ACM Conference on Computer and Communications Security (CCS).
Berlin, Germany, November 2013.

Practical Information Flow for Legacy Web Applications
Georgios Chinis, Polyvios Pratikakis, Elias Athanasopoulos, and Sotiris Ioannidis
In Proceedings of the International Workshop on Implementation, Compilation, Optimization of Object-Oriented Languages, Programs and Systems (ICOOOLPS), co-located with ECOOP.
Montpellier, France, July 2013.

kGuard: Lightweight Kernel Protection
Vasileios P. Kemerlis, Georgios Portokalidis, Elias Athanasopoulos, and Angelos D. Keromytis
In Proceedings of the USENIX ;login: Magazine, vol. 37, no. 6, pp. 7 - 14.
December 2012.

Digging up Social Structures from Documents on the Web
Eleni Gessiou, Stamatis Volanis, Elias Athanasopoulos, Evangelos P. Markatos, and Sotiris Ioannidis
In Proceedings of the IEEE Global Communications Conference (GLOBECOM).
Anaheim, California, USA, December 2012.

Exploiting Split Browsers for Efficiently Protecting User Data
Angeliki Zavou, Elias Athanasopoulos, Georgios Portokalidis, and Angelos D. Keromytis
In Proceedings of the ACM Cloud Computing Security Workshop (CCSW).
Raleigh, NC, USA, October 2012.

ARC: Protecting against HTTP Parameter Pollution Attacks Using Application Request Caches
Elias Athanasopoulos, Vasileios P. Kemerlis, Michalis Polychronakis, and Evangelos P. Markatos
In Proceedings of the 10th International Conference on Applied Cryptography and Network Security (ACNS).
Singapore, June 2012.

Towards a Universal Data Provenance Framework using Dynamic Instrumentation
Eleni Gessiou, Vasilis Pappas, Elias Athanasopoulos, Angelos D. Keromytis, and Sotiris Ioannidis
In Proceedings of the 27th IFIP International Information Security and Privacy Conference (IFIP SEC).
Heraklion, Crete, Greece, June 2012.

CensMon: A Web Censorship Monitor
Andreas Sfakianakis, Elias Athanasopoulos, and Sotiris Ioannidis
In Proceedings of the 1st USENIX Workshop on Free and Open Communications on the Internet (FOCI), co-located with USENIX Security.
San Francisco, CA, US, August 2011.

we.b: The Web of Short URLs
Demetris Antoniades, Iasonas Polakis, Giorgos Kontaxis, Elias Athanasopoulos, Sotiris Ioannidis, Evangelos P. Markatos, and Thomas Karagiannis
In Proceedings of the 20th International World Wide Web Conference (WWW).
Hyderabad, India, March 2011.

Understanding The Behavior of Malicious Applications in Social Networks
Andreas Makridakis, Elias Athanasopoulos, Spyros Antonatos, Demetres Antoniades, Sotiris Ioannids, and Evangelos P. Markatos
In Proceedings of the IEEE Network.
September-October 2010.

An Architecture For Enforcing JavaScript Randomization in Web2.0 Applications (short paper)
Elias Athanasopoulos, Antonis Krithinakis, and Evangelos P. Markatos
In Proceedings of the 13th Information Security Conference (ISC).
Boca Raton, Florida, October 2010.

D(e|i)aling with VoIP: Robust Prevention of DIAL Attacks
Alexandros Kapravelos, Iasonas Polakis, Elias Athanasopoulos, Sotiris Ioannidis, and Evangelos P. Markatos
In Proceedings of the 15th European Symposium on Research in Computer Security (ESORICS).
Athens, Greece, September 2010.

xJS: Practical XSS Prevention for Web Application Development
Elias Athanasopoulos, Vasilis Pappas, Antonis Krithinakis, Spyros Ligouras, Evangelos P. Markatos, and Thomas Karagiannis
In Proceedings of the 1st USENIX Conference on Web Application Development (WebApps).
Boston, Massachusetts, June 2010.

Isolating JavaScript in Dynamic Code Environments
Antonis Krithinakis, Elias Athanasopoulos, and Evangelos P. Markatos
In Proceedings of the 1st Workshop on Analysis and Programming Languages for Web Applications and Cloud Applications (APLWACA), co-located with PLDI.
Toronto, Canada, June 2010.

Hunting Cross-Site Scripting Attacks in the Network
Elias Athanasopoulos, Antonis Krithinakis, and Evangelos P. Markatos
In Proceedings of the 4th Workshop on Web 2.0 Security & Privacy (W2SP).
Oakland, California, May 2010.

Code-Injection Attacks in Browsers Supporting Policies
Elias Athanasopoulos, Vasilis Pappas, and Evangelos P. Markatos
In Proceedings of the 3rd Workshop on Web 2.0 Security & Privacy (W2SP).
Oakland, California, May 2009.

WISDOM: Security-Aware Fibres
Elias Athanasopoulos, Antonis Krithinakis, Georgios Kopidakis, Graeme Maxwell, Alistair Poustie, Bob Manning, Rod Webb, Martin Koyabe, Carla Di Cairano-Gilfedder
In Proceedings of the 2nd ACM European Workshop on System Security (EUROSEC).
Nuremberg, Germany, March 2009.

WSIM: A software platform to simulate all-optical security operations
Antonis Krithinakis, Lubomir Stroetmann, Elias Athanasopoulos, Georgios Kopidakis, Evangelos P. Markatos
In Proceedings of the 2nd European Conference on Computer Network Defense (EC2ND).
Dublin, Ireland, December 2008.

Topnet: A Network-aware top(1)
Antonis Theocharides, Demetres Antoniades, Michalis Polychronakis, Elias Athanasopoulos, and Evangelos P. Markatos
In Proceedings of the 22nd USENIX Large Installation Systems Administration (LISA) Conference.
San Diego, California, November 2008.

Antisocial Networks: Turning a Social Network into a Botnet
Elias Athanasopoulos, Andreas Makridakis, Spyros Antonatos, Demetres Antoniades, Sotiris Ioannidis, Kostas G. Anagnostakis, and Evangelos P. Markatos
In Proceedings of the 11th Information Security Conference (ISC).
Taipei, Taiwan, September 2008.
We got Slashdotted! Check also the Wired, ZDNet, TheRegister, NewScientist and TechCrunch stories.

Compromising Anonymity Using Packet Spinning
Vasilis Pappas, Elias Athanasopoulos, Sotiris Ioannidis, and Evangelos P. Markatos
In Proceedings of the 11th Information Security Conference (ISC).
Taipei, Taiwan, September 2008.

GAS: Overloading a File Sharing Network as an Anonymizing System
Elias Athanasopoulos, Mema Roussopoulos, Kostas G. Anagnostakis, Evangelos P. Markatos
In Proceedings of the 2nd International Workshop on Security (IWSEC).
Nara, Japan, October 2007.

Alice, what did you do last time? Fighting Phishing Using Past Activity Tests
Nikos Nikiforakis, Andreas Makridakis, Elias Athanasopoulos, and Evangelos P. Markatos
In Proceedings of the 3rd European Conference on Computer Network Defense (EC2ND).
Heraklion, Greece, October 2007.

Enhanced CAPTCHAs: Using Animation To Tell Humans And Computers Apart
Elias Athanasopoulos and Spiros Antonatos
In Proceedings of the 10th IFIP Open Conference on Communications and Multimedia Security.
Heraklion, Crete, October 2006.

Misusing Unstructured P2P Systems to Perform DoS Attacks: The Network that Never Forgets
Elias Athanasopoulos, Kostas G. Anagnostakis and Evangelos P. Markatos
In Proceedings of the 4th International Conference on Applied Cryptography and Network Security (ACNS).
Singapore, June 2006.
Check out the Netcraft article.

A Feedback-based Approach to Reduce Duplicate Messages in Unstructured Peer-to-Peer Networks
Charis Papadakis, Paraskevi Fragopoulou, Elias Athanasopoulos, Marios Dikaiakos, Alexandros Labrinidis, Evangelos Markatos
In Proceedings of the CoreGRID Integration Workshop.
Pisa, Italy, November 2005.

Thesis


Modern Techniques for the Detection and Prevention of Web2.0 Attacks
Elias Athanasopoulos
Ph.D. Thesis.
Supervisor: Professor Evangelos P. Markato, May 2011.

Using Unstructured Peer-to-Peer Systems as Denial of Service Attack Platforms
Elias Athanasopoulos
M.Sc. Thesis.
Supervisor: Professor Evangelos P. Markatos, November 2006.

ruby-root: Extending ROOT's functionality with a Ruby interpreter interface
Elias Athanasopoulos
Diploma Thesis.
Supervisor: Professor George Tzanakos, February 2005.

Articles


Think B4 U post!
Elias Athanasopoulos and Meltini Christodoulaki
Article in the Economist of Kathimerini.
Greece, March, 2010.

On Exploiting a File Sharing System for DDoS Attacks
Elias Athanasopoulos, Kostas G. Anagnostakis, and Evangelos P. Markatos
Article in the Enisa Quarterly.
On-Line, October, 2006.

Technical Reports


HomeMaestro: Order from Chaos in Home Networks
Thomas Karagiannis, Elias Athanasopoulos, Christos Gkantsidis, Peter Key
Technical Report.
MSR-TR-2008-84, 2008.

Physics


MINOS 4 Plane Prototype Offline Analysis Framework
Costas Andreopoulos, Elias Athanasopoulos, Bruce Baller, Albero Marchionni, and George Tzanakos
NuMI Note.
NuMI-Note-COMP-992, 2003.

Spatial Tessellation Techniques for the MINOS Magnetic Field
Costas Andreopoulos, Elias Athanasopoulos, and George Tzanakos
NuMI Note.
NuMI-Note-COMP-993, 2003.

Projects

SAuth
Password-based authentication is the dominant form of access control in web services. Unfortunately, it proves to be more and more inadequate every year. Even if users choose long and complex passwords, vulnerabilities in the way they are managed by a service may leak them to an attacker. Recent incidents in popular services such as LinkedIn and Twitter demonstrate the impact that such an event could have. The use of one-way hash functions to mitigate the problem is countered by the evolution of hardware which enables powerful password-cracking platforms. This research project proposes SAuth, a protocol which employs authentication synergy among different services. Users wishing to access their account on service S will also have to authenticate for their account on service V , which acts as a vouching party. Both services S and V are regular sites visited by the user everyday (e.g., Twitter, Facebook, Gmail). Should an attacker acquire the password for service S he will be unable to log in unless he also compromises the password for service V and possibly more vouching services. SAuth is an extension and not a replacement of existing authentication methods. It operates one layer above them without ties to a specific method, thus enabling different services to employ heterogeneous systems. We complement our design with password decoys to protect users that share a password across services.

Related Publications
SAuth: Protecting User Accounts from Password Database Leaks
Georgios Kontaxis, Elias Athanasopoulos, Georgios Portokalidis, and Angelos D. Keromytis
In Proceedings of the 20th ACM Conference on Computer and Communications Security (CCS).
Berlin, Germany, November 2013.



xJS
A fast and practical XSS prevention system which isolates all legitimate client-side code from possible code injections. xJS is a lightweight mechanism that is based on the concept of the Instruction Set Randomization (ISR). It is currently implemented in three leading web browsers, namely FireFox, WebKit and Chromium, and in the Apache web server. The framework can successfully prevent all 1,380 real-world attacks that were collected from a well-known XSS attack repository. Furthermore, xJS imposes negligible computational overhead in both the server and the client side, and has no negative side-effects in the overall user's browsing experience.

Related Publications
xJS: Practical XSS Prevention for Web Application Development
Elias Athanasopoulos, Vasilis Pappas, Antonis Krithinakis, Spyros Ligouras, Evangelos P. Markatos, and Thomas Karagiannis
In Proceedings of the 1st USENIX Conference on Web Application Development (WebApps).
Boston, Massachusetts, June 2010.

Code-Injection Attacks in Browsers Supporting Policies
Elias Athanasopoulos, Vasilis Pappas, and Evangelos P. Markatos
In Proceedings of the 3rd Workshop on Web 2.0 Security & Privacy (W2SP).
Oakland, California, May 2009.



HomeMaestro
A distributed system for monitoring and instrumentation of home networks in real-time. HomeMaestro strives to put order in the chaos of home networks through an end-host distributed solution that requires no additional assistance from network equipment such as routers or access points or modification of network application. HomeMaestro performs extensive measurements at the host level to infer application network requirements, and identifies network related problems through time-series analysis. HomeMaestro automatically detects and resolves contention over network resources among applications based on predefined policies. While interning with Microsoft Research, I was the initial coder for the first prototype of HomeMaestro, which is developed in C# for the Microsoft Windows Operating System.

Related Publications
HomeMaestro: Order from Chaos in Home Networks
Thomas Karagiannis, Elias Athanasopoulos, Christos Gkantsidis, Peter Key
Technical Report.
MSR-TR-2008-84, 2008.



WISDOM
WIrespeed Security Domains using Optical Monitoring (funded by EU, 2007-2009). WISDOM is designed to develop advanced optical components necessary for photonic firewalls. This involves the development of novel optical processing modules are placed at the front end of the node firewall to provide the primary optical information filtering - operating at wirespeed (40Gbit/s per channel) which includes operations such as optical packet recognition, interrogation and manipulating data streams incorporating features of parity checking, flag status, and header recognition. As a research assistant at FORTH, I am the principal software architect for the WISDOM platform.

Related Publications
WISDOM: Security-Aware Fibres
Elias Athanasopoulos, Antonis Krithinakis, Georgios Kopidakis, Graeme Maxwell, Alistair Poustie, Bob Manning, Rod Webb, Martin Koyabe, Carla Di Cairano-Gilfedder
In Proceedings of the 2nd ACM European Workshop on System Security (EUROSEC).
Nuremberg, Germany, March 2009.

WSIM: A software platform to simulate all-optical security operations
Antonis Krithinakis, Lubomir Stroetmann, Elias Athanasopoulos, Georgios Kopidakis, Evangelos P. Markatos
In Proceedings of the 2nd European Conference on Computer Network Defense (EC2ND).
Dublin, Ireland, December 2008.



Curriculum Vitae