dr. hector marco - lecturer and cyber security …hmarco.org/data/misc/hmarco-cv_en.pdf · ......

Dr. Hector Marco

University of the West of Scotland Phone: +44 141 849 4418High Street, Paisley Email: [email protected] 2BE, Scotland Alt: [email protected] http://hmarco.org

BIOGRAPHY

Dr. Hector Marco-Gisbert, MIEEE, BSc (Hons) in Computer Engineering, MSc in Industrial Comput-ing and Control Systems and PhD in Engineering in Computer Science, Cybersecurity with maximumdistinctions. Initially, he participated in several research projects where the main goal was to developan hypervisor for the next generation of spacecrafts for the ESA (European Space Agency). He ex-tend the scope of the projects by including security aspects. After more than 6 years of experiencein virtualisation, he shifted deeper to Cybersecurity making substantial security contributions to theLinux kernel, Glibc, GRUB and other open software projects. Since then, he has accumulated morethan 6 years of experience in low level Cybersecurity research, receiving awards and recognitions fromGoogle, Packet Storm Security and IBM for his security contributions. Currently, he is lecturer inCybersecurity at the University of the West of Scotland, Glasgow, UK.

QUALIFICATIONS

University of the West of Scotland Paisley, ScotlandPgCert High Education 2017-,

Universitat Politecnica de Valencia Valencia, SpainPhD Computer Science, Cybersecurity 2012-2015Cum Laude & International mentions

Universitat Politecnica de Valencia Valencia, SpainMSc Industrial Computing and Control Systems 2009-2010

Universitat Politecnica de Valencia Valencia, SpainBEng Computer Engineering 2007-2009

Universitat Politecnica de Valencia Valencia, SpainBSci Computer Science 2003-2007

IES Sant Vicent Ferrer Algemesi, SpainHND Computing 2001-2003

Dr. Hector Marco-Gisbert 1/17

www.uws.ac.uk

http://hmarco.org

PROFESSIONAL EXPERIENCE

• Lecturer, University of the West of Scotland, UK, Aug 2016 - to date. Lecturer in MSc In-formation and Network Security and in BSc(Hons) Computer Networks at the University of theWest of Scotland. Actively involved in the accreditation of new CyberSecurity programmes atboth Undergraduate and Masters level.

• Senior Research Associate, Universitat Politecnica de Valencia, Spain, Jan 2012 - Aug 2016.Co-Founder and Member of the Cybersecurity research Group at the Universitat Politecnica deValencia. A colleague and I created the research group from scratch, from the website to theresearch lines. I have published, developed and patented several works, some of them rewardedby Google and Packet Storm Security.

• Research Intern, CVUT Prague, March - July. 2014. During my PhD years, I was a researcherintern in the CVUT university in Prague. I participated in research, seminars and presentationsin their Industrial Informatics Group of Faculty of Electrical Engineering. I provided somevulnerabilities alerts of their servers. I also presented my research and discussed some ideasbroadening their research area.

• Research Associate, Universitat Politecnica de Valencia, Spain, Sep 2009 - Dec 2011. I haveparticipated in several international research projects where the main goal was to develop an hy-pervisor (XtratuM) for the next generation of spacecrafts for the ESA (European Space Agency).I extended the scope of the project by including security aspects by designing and developing aSecure Trusted Partition (STP) using the MILS architecture concept.

• Research Assistant, Universitat Politecnica de Valencia, Spain, Sep. 2007 - Sep. 2009: Duringmy undergraduate years, I joined the Institute of Control Systems and Industrial Computingresearch group. I was the first person in the group to deal with security aspects in virtualisedenvironments. Basically, I started to study low level virtualization and security to finally proposea usable security architecture. This architecture was my final bachelor project.

• IT Manager, European Supplies SL, Alicante, Spain, Jul 2006 - Aug 2006

During my undergraduate years, I accepted the challenge of redesigning and securising the net-work of a British company during the summer holidays of the university. From the design andimplementation of the security policies to informal cybersecurity talks to employees. When I leftthe company, I got a extra-salary month as incentive for having successfully completed the work.

RESEARCH INTERESTS

His main interests background and research includes to identify and thwart critical real security threatsfocusing on servers and smartphone platforms. From multi tenancy at operating system level in cloudenvironments to the design of practical low level attacks and protection techniques at Kernel and userspace.


HONORS & AWARDS

Contributions with a demonstrable, significant and proactive impact on the security of selected open-source projects that have been rewarded by top Cybersecurity industry. Regarding Google Inc., thepanel consists of the members of the Google Security Team with a knack for researching low-level bugs.

1. IBM corp.

• Description: Address space layout randomization (ASLR) for Linux S390

• URL: http://cybersecurity.upv.es/awards.html#IBM2016-1

• Date: July, 2016

2. Google Inc.

• Description: ASLR improvement - Unlimiting the stack not longer disables ASLR

• URL: http://cybersecurity.upv.es/awards.html#Google2015-4

• Date: March, 2016

3. Google Inc.

• Description: ASLR improvement - Fix of the offset2lib weakness

• URL: ttp://cybersecurity.upv.es/awards.html#Google2015-3

• Date: September, 2015

4. Google Inc.

• Description: ASLR x86 64 improvement - Fix of reduced stack entropy


• Date: August, 2015

5. Google Inc.

• Description: AMD Bulldozer ASLR improvement - Solving cache conflicts


• Date: August, 2015

6. Packet Storm Security

• Description: Offset2lib: Bypassing Full ASLR On 64bit Linux

• URL: http://cybersecurity.upv.es/awards.html#PacketStorm2014

• Date: April, 2014


http://cybersecurity.upv.es/awards.html#IBM2016-1

http://cybersecurity.upv.es/awards.html#Google2015-4

ttp://cybersecurity.upv.es/awards.html#Google2015-3



http://cybersecurity.upv.es/awards.html#PacketStorm2014

TEACHING EXPERIENCE

MODULES DESIGN AND COORDINATION

1. Module Name: Cyber Attacks

Programme: MSc Information and Network Security

Academic Year: 2016, 2017

Role: Module Coordinator

Entity: University of the West of Scotland, UK

2. Module Name: Cyber Defense


Academic Year: 2017

Role: Module Coordinator


3. Module Name: Advanced MOOC in secure programming

Programme: MOOC Course

Academic Year: 2016

Role: Expert collaborator

Entity: Instituto Nacional de Ciberseguridad (INCIBE), Spain

PROGRAMME DESIGN

4. Progamme Name: Computing Sc for Cyber Security

Qualification Level: Masters of Science with Honours

Role: Design and Validation Panel


Year: 2017

5. Progamme Name: Digital Security & Forensics

Qualification Level: Masters of Science with Honours



Year: 2017

6. Progamme Name: Computing Sc for Cyber Security

Qualification Level: Bachelor of Science with Honours



Year: 2017


7. Progamme Name: Digital Security & Forensics

Qualification Level: Bachelor of Science with Honours



Year: 2017

MODULE DELIVERY

8. Module Name: Cyber Defense


Academic Year: 2017

Hours Delivered: 48


9. Module Name: Unix System Administration

Programme: Bsc(Hons) Computer Networks

Academic Year: 2017

Hours Delivered: 48




Academic Year: 2017

Hours Delivered: 48


11. Module Name: Emerging Topics in Smart Networks


Academic Year: 2017

Hours Delivered: 2




Academic Year: 2016

Hours Delivered: 48


13. Module Name: Virtualisation


Academic Year: 2016

Hours Delivered: 40



14. Module Name: Emerging Topics in Smart Networks


Academic Year: 2016

Hours Delivered: 2


MODULE DEVELOPMENT (Not delivered)

15. Module Name: Security Fundamentals

Programme: Bsc(Hons) Digital Security & Forensics and,MSc Computing Sc for Cyber Security


Year: 2017

16. Module Name: Network Penetration Testing & Ethical Hacking



Year: 2017

17. Module Name: Advanced Ethical Hacking & Web Application Testing



Year: 2017

INVITED LECTURES

18. Lecture Name: Cyber Security research, incidents and governments

Audience: 17 delegates from Hainan Vocational College of Political Sciences and Law,Hainan, China

Entity: Newcastle University, UK

Year: 2017

19. Lecture Name: Researching in Cybersecurity

Audience: MEng Computer Science

Entity: Universitat Politecnica de Valencia, Spain

Year: 2017

20. Lecture Name: Researching in Cybersecurity



Year: 2016


21. Lecture Name: Networks and Security



Year: 2016

TEACHING QUALITY METRICS

The score of the student’s module questionnaire data received for all the modules I have been coordi-nated is higher than the average of the department where the teaching has been delivered.

PhD SUPERVISION

22. Title: A secure multi tenancy-aware kernel shared memory

Role: Director


Student Name: Fernando Vano

Year: 2017-

23. Title: A hardware base Control Flow Integrity protection to prevent control flow redirections

Role: Director


Student Name: Sarwar Sayeed

Year: 2017-

24. Title: To be defined

Role: Co-Director


Student Name: Antonio Matencio

Year: 2017-

25. Title: An application oriented, dynamic routing design for heterogeneous networks based onpolychromatic sets theory

Role: Assessor


Student Name: Dong Wang

Year: 2017-

26. Title: Enhanced Cloud Based Video Services for Mobile Users

Role: Assessor


Student Name: Bada Adedayo

Year: 2013-2018



Role: Assessor


Student Name: Andre Jeworutzki

Year: 2017-


Role: Assessor


Student Name: Antonio Matencio Escolar

Year: 2017-

UNDERGRADUATE HONS PROJECT SUPERVISION

29. Evaluation of Open-source Intrusion Detection Systems on a low-power computingplatform, University of the West of Scotland, UK, 2016-2017.

30. Portable anonymizer using a Tor proxy in a Raspberry PI, University of the West ofScotland, UK, 2016-2017.

31. ROP gadgets finder to build ARM payloads, Universitat Politecnica de Valencia, Spain,2014-2015.

32. Design and implementation of the plugin framework for an advanced game enginearchitecture, Universitat Politecnica de Valencia, Spain, 2014-2015.

33. N-Modular architecture for software applications: Architecture evaluation, Universi-tat Politecnica de Valencia, Spain, 2013-2014.

34. N-Modular architecture for software applications: Monitor implementation, Univer-sitat Politecnica de Valencia, Spain, 2013-2014.

MSc PROJECT SUPERVISION

35. Analysis of the MITRE vulnerabilities database: Trends and evolution, MEng Com-puter Science, Universitat Politecnica de Valencia, Spain, 2015-16.

36. Designing a secure working environment using several VMware machines simulta-neously, Universitat Politecnica de Valencia, Spain, 2015-16.


TEACHING INNOVATION PROJECTS

37. Risky e-Learning Platform for Information. Agence Europe-Education-FormationFrance - #2011-1-FR1-LEO05-24482

• Income: -

• Dates: 01/04/2009-31/03/2013

• Role: Co-investigator

• Partners: Instituto Tecnologico de Informatica, Universitat Politecnica de Valencia

RESEARCH GRANTS AND PROJECTS

1. CyberCloud: Enhanced Security Virtualisation for cloud environments

• Income: 7,095.00£

• Dates: 01/01/2018-31/12/2018

• Role: Principal Investigator

• Partners: University of the West of Scotland

2. Slicenet - H2020-ICT-2016-2

• Income: 7,979,030e

• Dates: 01/06/2017-31/05/2020


• Partners: Eurescom, Altice Labs, University of the West of Scotland, Nextworks S.R.L, Er-icsson Telecomunicazioni SpA, IBM Israel Science and Technology Limited, Eurecom, Uni-versitat Politcnica de Catalunya, RedZinc Service Ltd., The Hellenic TelecommunicationsOrganisation S.A., Orange Romania, EFACEC Energia, Creative Systems Engineering, CITInfinite

3. 5G Video Lab

• Income: 400,000£

• Dates: 2017-2020


• Partners: National Air Traffic Control Services, University of the West of Scotland

4. Address Space Layout Randomization for Linux S390 Systems, KTP Project

• Income: 3,000e

• Dates: 01/08/2016-16/08/2016


• Partners: IBM, Universitat Politecnica de Valencia


5. ASLR-NG Implementation and Support in the Linux Kernel

• Income: 16,000e

• Dates: 01/08/2016-31/12/2016



6. Offset2lib: Bypassing Full ASLR On 64bit Linux, KTP Project

• Income: 10,000$

• Dates: 06/2014-12/2014


• Partners: Packet Storm Security

7. EMC2: Embedded Multi-Core systems for Mixed Criticality applications in dynamicand changeable real-time environments - 621429

• Income: 94,000,000e

• Dates: 04/2014-06/2017


• Partners: 101 partners of embedded industry and research from 16 European countries withan effort of about 770 person years

8. CRitical sYSTem engineering AcceLeration. ARTEMIS Joint Undertaking - 332830,Ministerio de Industria, Energia y Turismo - ART-010000-2013-1

• Income: 82,000,000e Total Grant

• Dates: 01/05/2013-31/03/2016


• Partners: 71 partners from 10 different European countries

9. Virtualisation Techniques applied to Computing Security

• Income: 30,000e

• Dates: 01/01/2014-31/12/2014




10. Interactive and adaptive techniques for automatic recognition systems, learning andperception (TIASA) - TIN2009-14205-C04-03

• Income: not available

• Dates: 01/04/2013-31/12/2013



11. HI-PARTES: High-Integrity Partitioned Embedded Systems. TIN2011-28567-C03-03

• Income: 198,319e

• Dates: 01/01/2012-31/07/2015


• Partners: STRAST-UPM, CTR-UC, GII-UPV

12. System Impact of Distributed Multicore Systems (EADS). ASB32.AO.VC.708767.09

• Income: not available

• Dates: 25/01/2010-31/12/2011


• Partners: ASTRIUM, ESTEC, Universitat Politecnica de Valencia

13. HIPERVIS: Hypervisor for Critical Real Time Embedded Systems. PROMETEO/2009/022

• Income: 111.630e

• Dates: 01/07/2009-31/12/2013


• Partners: Universitat Politecnica de Valencia

14. TURTLE: Securising Embedded Distributed Systems. TSI-020301-2009-3

• Income: 215,127e

• Dates: 01/03/2009-01/04/2011


• Partners: SICE, Fundacion European Software Institute (ESI), Universitat Politecnica deValencia, ETRA I+D, Celestica, Telefonica I+D, Acciona, Prometeo Innovations, Domod-esk, Visual-Tools, I&IMS, TB Solutions, CITEAN and Telvent Energia


15. TECOM: Trusted Embedded Computing

• Income: 177,614e

• Dates: 01/01/2009-31/03/2010


• Partners: Aonix, EADS DS, Thomson, Trango Virtual Processors, Trialog, Technikon,Fagor, Ikerlan, Universidad Politecnica de Madrid, Visual Tools and Universitat Politecnicade Valencia

16. TURTLE: Securising Embedded Distributed Systems. TSI-020301-2008-14

• Income: 25,603e

• Dates: 10/04/2008-10/01/2009


• Partners: SICE, Fundacion European Software Institute (ESI), Universitat Politecnica deValencia, ETRA I+D, Celestica, Telefonica I+D, Acciona, Prometeo Innovations, Domod-esk, Visual-Tools, I&IMS, TB Solutions, CITEAN and Telvent Energia

17. Integral Support for Embedded Real Time Open and Distributed Systems PAID-05-06-6798

• Income: 9,900e

• Dates: 21/12/2006-21/12/2007


• Partners: Universitat Politecnica de Valencia

RESEARCH PUBLICATIONS

IMMINENT INTERNATIONAL PUBLICATIONS

1. H. Marco-Gisbert, I. Ripoll Ripoll, J. M. Alcaraz Calero. “SSPFA: Towards an Enhanced Mem-ory Protection Architecture for Android OS”, (submitted-under review, Q1), 2018.

2. H. Marco-Gisbert and I. Ripoll Ripoll. “ASLR taxonomy: Evaluating Linux, PaX and OS X”,(submitted-under review, Q1), 2018.

3. F Vano Garcia and H. Marco-Gisbert. “KASLR Influence Over Deduplication”, (submitted-under review, B conference), 2018.

4. Ismael Ripoll, Hector Marco-Gisbert, Vıctor Martinez-Fernandez and Pedro Gil. Deteccion de co-piones con “pinganillos magnticos” y experimentos sobre magnetismo, (submitted-under review,docente), 2018.

PUBLICATIONS IN INTERNATIONAL CONFERENCES

5. H. Marco-Gisbert and I. Ripoll, “return-to-csu: A New Method to Bypass 64-bit Linux ASLR”, Black Hat Asia 2018, Singapore, March 2018.


6. H. Marco-Gisbert and I. Ripoll, “Exploiting Linux and PaX ASLR’s Weaknesses on 32-bit and64-bit Systems”, Black Hat Asia 2016, Singapore, March-April 2016.

7. H. Marco-Gisbert and I. Ripoll, “On the Effectiveness of NX, SSP, RenewSSP and ASLR againststack buffer overflows”, 13th IEEE International Symposium on Network Computing and Appli-cations (IEEE NCA), August, 2014.

8. H. Marco-Gisbert and I. Ripoll, “Preventing brute force attacks against stack canary protec-tion on networking servers”, 12th IEEE International Symposium on Network Computing andApplications (IEEE NCA), pp. 243-250, August, 2013.

9. H. Marco-Gisbert, I. Ripoll, J.C. Ruiz and D.D. Andres, “Preventing Memory Errors in Net-worked Vehicle Services Through Diversification”, Proceedings of Workshop CARS (2nd Work-shop on Critical Automotive applications: Robustness & Safety) of the 32nd International Con-ference on Computer Safety, Reliability and Security (Safecomp), July 2013.

10. H. Marco-Gisbert and Alfons Crespo, “Security in real time embedded systems”, Simposio desistemas de tiempo real, September 2010.

11. H. Marco-Gisbert and I. Ripoll, “Bypassing Trusted Code: Hacking GRUB”, IX Jornadas STICCCN-CERT, Madrid, Spain, December 2015.

12. H. Marco-Gisbert and I. Ripoll, “Hardening Apache against SSP brute force attacks”, JornadasNacionales de Investigacin en Ciberseguridad, Leon, Spain, September, 2015.

13. I. Ripoll and H. Marco-Gisbert, “Using emulation through diversification to prevent memory er-rors exploitation”, Jornadas Nacionales de Investigacin en Ciberseguridad, Leon, Spain, Septem-ber, 2015.

14. H. Marco-Gisbert, I. Ripoll and A. Crespo, “Security in real time embedded systems”, CongresoEspanol de Informatica (CEDI), Valencia, Spain, September 2010.

BOOK CHAPTERS

15. H. Marco-Gisbert, I. Ripoll, J.C. Ruiz and D.D. Andres, “ Preventing Memory Error ExploitationThrough Emulation-based Processor Diversification”. Book chapter: Emerging Trends in ICTSecurity, 1st Edition (ICT 2013).

INVITED TALKS IN INTERNATIONAL CONFERENCES

16. Cybersecurity challenges in the nautical industry, Smart Shipping Symposium, UK, Jun 2018.

17. return-to-csu: A New Method to Bypass 64-bit Linux ASLR , Black Hat Asia 2018, Singapore,March 2018.

18. Abusing LUKS to Hack the System, In-depth Security Conference (DeepSec), Austria, Vienna,Nov, 2016.

19. Exploiting Linux and PaX ASLR’s Weaknesses on 32-bit and 64-bit Systems, Black Hat Asia,Singapore, Mar 2016.

20. Bypassing Trusted Code: Hacking GRUB, IX Jornadas STIC CCN-CERT, Madrid, Spain, Dec2015.


21. On the Effectiveness of Full-ASLR on 64bit Linux, In-depth Security Conference (DeepSec),Austria, Vienna, Nov 2014.

INTERNATIONAL PUBLICATIONS OF SOFTWARE VULNERABILITIES

22. Initrd root Shell, Not failing securely

• CVE-ID: CVE-2016-4484

• Vendor: Cryptsetup <= 2:1

• Date: November 2016

• URL: http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484 cryptsetup initrd shell.html

23. Unlimiting the stack not longer disables ASLR

• CVE-ID: CVE-2016-3672

• Vendor: Linux <= 4.5

• Date: April 2016

• URL: http://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-disables-ASLR.html

24. Back to 28: Authentication Bypass, Integer Underflow

• CVE-ID: CVE-2015-8370

• Vendor: Grub2 <= 2.02

• Date: December 2015

• URL: http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html

25. Bypass Pointer guard, Dynamic loader weakness

• CVE-ID: (pending)

• Vendor: Glibc <= 2.22.90

• Date: September 2015

• URL: http://hmarco.org/bugs/glibc ptr mangle weakness.html

26. AMD Linux ASLR weakness, Improper alignment



• Date: March 2015

• URL: http://hmarco.org/bugs/AMD-Bulldozer-linux-ASLR-weakness-reducing-mmaped-files-by-eight.html


http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html

http://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-disables-ASLR.html

http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html

http://hmarco.org/bugs/glibc_ptr_mangle_weakness.html

http://hmarco.org/bugs/AMD-Bulldozer-linux-ASLR-weakness-reducing-mmaped-files-by-eight.html

http://hmarco.org/bugs/AMD-Bulldozer-linux-ASLR-weakness-reducing-mmaped-files-by-eight.html

27. Reduced mmap entropy, Improper mask manipulation



• Date: January 2015

• URL: http://hmarco.org/bugs/linux-ASLR-reducing-mmap-by-half.html

28. Reduced stack entropy, Integer overflow

• CVE-ID: CVE-2015-1593



• URL: http://hmarco.org/bugs/linux-ASLR-integer-overflow.html

29. Denial of Service, Incorrect headers handling

• CVE-ID: CVE-2015-1574

• Vendor: Google Email 4.2.2


• URL: http://hmarco.org/bugs/google email app 4.2.2 denial of service.html

30. Root shell, Stack buffer overflow

• CVE-ID: CVE-2014-5439

• Vendor: Sniffit <= 0.3.7

• Date: July 2014

• URL: http://hmarco.org/bugs/CVE-2014-5439-sniffit 0.3.7-stack-buffer-overflow.html

31. Root shell (II), Drop privileges failed

• CVE-ID: CVE-2014-1226

• Vendor: s3dvt <= 0.2.2


• URL: http://hmarco.org/bugs/CVE-2014-1226-s3dvt 0.2.2-root-shell.html

32. Root shell


• Vendor: Bash <= 4.3


• URL: http://hmarco.org/bugs/bash 4.3-setuid-bug.html


http://hmarco.org/bugs/linux-ASLR-reducing-mmap-by-half.html

http://hmarco.org/bugs/linux-ASLR-integer-overflow.html

http://hmarco.org/bugs/google_email_app_4.2.2_denial_of_service.html

http://hmarco.org/bugs/CVE-2014-5439-sniffit_0.3.7-stack-buffer-overflow.html

http://hmarco.org/bugs/CVE-2014-1226-s3dvt_0.2.2-root-shell.html

http://hmarco.org/bugs/bash_4.3-setuid-bug.html

33. Root Privilege escalation, Drop privileges failed

• CVE-ID: CVE-2013-6825

• Vendor: DCMTK <= 3.6.1


• URL: http://hmarco.org/bugs/dcmtk-3.6.1-privilege-escalation.html

34. Root shell (I), Drop privileges failed

• CVE-ID: CVE-2013-6876

• Vendor: s3dvt <= 0.2.2


• URL: http://hmarco.org/bugs/s3dvt 0.2.2-root-shell.html

35. Bypass pointer guard, No pointer protection

• CVE-ID: CVE-2013-4788

• Vendor: Glibc <= 2.17


• URL: http://hmarco.org/bugs/CVE-2013-4788.html

INTELLECTUAL PROPERTY RIGHTS AND PATENTS

1. H. Marco-Gisbert and Ismael Ripoll, ASLRA, (under register). [ONLINE].

2. H. Marco-Gisbert and Ismael Ripoll, ASLR-NG, (under register). [ONLINE].

3. H. Marco-Gisbert and Ismael Ripoll, DRITAE, (under register).

4. H. Marco-Gisbert, NEXX hypervisor, (under register). [ONLINE].

5. H. Marco-Gisbert, STP partition, (under register).

6. H. Marco-Gisbert and Ismael Ripoll, Offset2lib, (under register) [ONLINE].

7. H. Marco-Gisbert and Ismael Ripoll, jmp2non-ssp, (under register).

8. H. Marco-Gisbert and Ismael Ripoll, CRTµROP, (under register).

9. Ismael Ripoll and H. Marco-Gisbert, RenewSSP, 14341118, 2014. [ONLINE].

REPRESENTATION IN INTERNATIONAL PROFESSIONAL BODIES

MEMBERSHIP IN INTERNATIONAL BODIES

1. Member of the Engineering and Physical Sciences Research Council (EPSRC) Peer Review Col-lege, UK.


http://hmarco.org/bugs/dcmtk-3.6.1-privilege-escalation.html

http://hmarco.org/bugs/s3dvt_0.2.2-root-shell.html

http://hmarco.org/bugs/CVE-2013-4788.html

http://cybersecurity.upv.es/tools/aslra/aslr-analyzer.html

http://cybersecurity.upv.es/solutions/aslr-ng/aslr-ng.html

http://hmarco.org/virtualisation/nexx/NEXX_ARM_hypervisor.html

http://cybersecurity.upv.es/attacks/offset2lib/offset2lib.html

http://renewssp.com

2. Institute of Electrical and Electronics Engineers (IEEE) Member, 93100035.

3. H2020 expert reviewer evaluator. European Commission, Brussels.

4. Co-founder and active member of the Cybersecurity group at Universitat Politecnica de Valencia,Spain.

REVIEWER FOR INTERNATIONAL JOURNALS

5. Special Issue on emerging trends in adaptive computation for mobiquitous systems, 2014

CHAIRMAN ACTIVITIES FOR INTERNATIONAL CONFERENCES

6. The Eleventh International Conference on Emerging Security Information, Systems and Tech-nologies. OSAS: Operating Systems and Applications Security. Rome, Italy, 2017

TECHNICAL PROGRAMCOMMITTEE FOR INTERNATIONAL CONFERENCES

7. IEEE International Conference on Data Science and Systems (DSS), UK, 2018.

8. International Joint Conference on Information and Communication Engineering (JCICE), China,2018.

9. IEEE International Conference on Cybernetics (CYBCONF), UK, 2017

10. International Symposium on Networks, Computers and Communications (ISNCC), Morocco,2017

11. International Conference on Emerging Security Information, Systems and Technologies (SECUR-WARE), Italy, 2017.

12. Jornadas Nacionales de investigacion en Ciberseguridad (JNIC), Spain, 2015.

13. IEEE real-time and embedded technology and applications symposium (RTAS), Germany, 2014

14. Latin-American Symposium on Dependable Computing (LADC), Brazil, 2013

LANGUAGES

English (advanced), French (elementary), Spanish (mother tongue), Valencian/Catalan (mothertongue).

REFERENCES

FROM ACADEMIA


Dr. Ismael RipollAssociate ProfessorDept. of Computing EngineeringUniversitat Politecnica de ValenciaCami de Vera s/n, 46022UPV University, Valencia, SpainPhone: +34 96 387 7007 Ext. [email protected]

Dr. Pietro ManzoniProfessorDept. of Computing EngineeringUniversitat Politecnica de ValenciaCami de Vera s/n, 46022UPV University, Valencia, SpainPhone: +34 96 387 7007 Ext. [email protected]

Dr. Juan Carlos CanoProfessor & Head of the DepartmentDept. of Computing EngineeringUniversitat Politecnica de ValenciaCami de Vera s/n, 46022UPV University, Valencia, SpainPhone: +34 96 387 7007 Ext. [email protected]

Dr. Andres TerrasaAssociate ProfessorDept. of Computer systems and ComputationUniversitat Politecnica de ValenciaCami de Vera s/n, 46022UPV University, Valencia, SpainPhone: +34 96 387 7007 Ext. [email protected]

FROM INDUSTRY

Dr. Jesus FriginalProject manager Security & SafetySCASSIC/ Capitn Haya, 38-428020 Madrid, SpainPhone:+34 625 235 [email protected]

Sir. Antonio VillalonSecurity manager at S2 grupoS2 Grupo Security CompanyRamiro de Maeztu,746022 Valencia, SpainPhone: +34 963 110 [email protected]


dr. hector marco - lecturer and cyber security …hmarco.org/data/misc/hmarco-cv_en.pdf · ......

Documents