dr. hector marco - lecturer and cyber security …hmarco.org/data/misc/hmarco-cv_en.pdf · ......
TRANSCRIPT
Dr. Hector Marco
University of the West of Scotland Phone: +44 141 849 4418High Street, Paisley Email: [email protected] 2BE, Scotland Alt: [email protected] http://hmarco.org
BIOGRAPHY
Dr. Hector Marco-Gisbert, MIEEE, BSc (Hons) in Computer Engineering, MSc in Industrial Comput-ing and Control Systems and PhD in Engineering in Computer Science, Cybersecurity with maximumdistinctions. Initially, he participated in several research projects where the main goal was to developan hypervisor for the next generation of spacecrafts for the ESA (European Space Agency). He ex-tend the scope of the projects by including security aspects. After more than 6 years of experiencein virtualisation, he shifted deeper to Cybersecurity making substantial security contributions to theLinux kernel, Glibc, GRUB and other open software projects. Since then, he has accumulated morethan 6 years of experience in low level Cybersecurity research, receiving awards and recognitions fromGoogle, Packet Storm Security and IBM for his security contributions. Currently, he is lecturer inCybersecurity at the University of the West of Scotland, Glasgow, UK.
QUALIFICATIONS
University of the West of Scotland Paisley, ScotlandPgCert High Education 2017-,
Universitat Politecnica de Valencia Valencia, SpainPhD Computer Science, Cybersecurity 2012-2015Cum Laude & International mentions
Universitat Politecnica de Valencia Valencia, SpainMSc Industrial Computing and Control Systems 2009-2010
Universitat Politecnica de Valencia Valencia, SpainBEng Computer Engineering 2007-2009
Universitat Politecnica de Valencia Valencia, SpainBSci Computer Science 2003-2007
IES Sant Vicent Ferrer Algemesi, SpainHND Computing 2001-2003
Dr. Hector Marco-Gisbert 1/17
PROFESSIONAL EXPERIENCE
• Lecturer, University of the West of Scotland, UK, Aug 2016 - to date. Lecturer in MSc In-formation and Network Security and in BSc(Hons) Computer Networks at the University of theWest of Scotland. Actively involved in the accreditation of new CyberSecurity programmes atboth Undergraduate and Masters level.
• Senior Research Associate, Universitat Politecnica de Valencia, Spain, Jan 2012 - Aug 2016.Co-Founder and Member of the Cybersecurity research Group at the Universitat Politecnica deValencia. A colleague and I created the research group from scratch, from the website to theresearch lines. I have published, developed and patented several works, some of them rewardedby Google and Packet Storm Security.
• Research Intern, CVUT Prague, March - July. 2014. During my PhD years, I was a researcherintern in the CVUT university in Prague. I participated in research, seminars and presentationsin their Industrial Informatics Group of Faculty of Electrical Engineering. I provided somevulnerabilities alerts of their servers. I also presented my research and discussed some ideasbroadening their research area.
• Research Associate, Universitat Politecnica de Valencia, Spain, Sep 2009 - Dec 2011. I haveparticipated in several international research projects where the main goal was to develop an hy-pervisor (XtratuM) for the next generation of spacecrafts for the ESA (European Space Agency).I extended the scope of the project by including security aspects by designing and developing aSecure Trusted Partition (STP) using the MILS architecture concept.
• Research Assistant, Universitat Politecnica de Valencia, Spain, Sep. 2007 - Sep. 2009: Duringmy undergraduate years, I joined the Institute of Control Systems and Industrial Computingresearch group. I was the first person in the group to deal with security aspects in virtualisedenvironments. Basically, I started to study low level virtualization and security to finally proposea usable security architecture. This architecture was my final bachelor project.
• IT Manager, European Supplies SL, Alicante, Spain, Jul 2006 - Aug 2006
During my undergraduate years, I accepted the challenge of redesigning and securising the net-work of a British company during the summer holidays of the university. From the design andimplementation of the security policies to informal cybersecurity talks to employees. When I leftthe company, I got a extra-salary month as incentive for having successfully completed the work.
RESEARCH INTERESTS
His main interests background and research includes to identify and thwart critical real security threatsfocusing on servers and smartphone platforms. From multi tenancy at operating system level in cloudenvironments to the design of practical low level attacks and protection techniques at Kernel and userspace.
Dr. Hector Marco-Gisbert 2/17
HONORS & AWARDS
Contributions with a demonstrable, significant and proactive impact on the security of selected open-source projects that have been rewarded by top Cybersecurity industry. Regarding Google Inc., thepanel consists of the members of the Google Security Team with a knack for researching low-level bugs.
1. IBM corp.
• Description: Address space layout randomization (ASLR) for Linux S390
• URL: http://cybersecurity.upv.es/awards.html#IBM2016-1
• Date: July, 2016
2. Google Inc.
• Description: ASLR improvement - Unlimiting the stack not longer disables ASLR
• URL: http://cybersecurity.upv.es/awards.html#Google2015-4
• Date: March, 2016
3. Google Inc.
• Description: ASLR improvement - Fix of the offset2lib weakness
• URL: ttp://cybersecurity.upv.es/awards.html#Google2015-3
• Date: September, 2015
4. Google Inc.
• Description: ASLR x86 64 improvement - Fix of reduced stack entropy
• URL: http://cybersecurity.upv.es/awards.html#Google2015-2
• Date: August, 2015
5. Google Inc.
• Description: AMD Bulldozer ASLR improvement - Solving cache conflicts
• URL: http://cybersecurity.upv.es/awards.html#Google2015-1
• Date: August, 2015
6. Packet Storm Security
• Description: Offset2lib: Bypassing Full ASLR On 64bit Linux
• URL: http://cybersecurity.upv.es/awards.html#PacketStorm2014
• Date: April, 2014
Dr. Hector Marco-Gisbert 3/17
TEACHING EXPERIENCE
MODULES DESIGN AND COORDINATION
1. Module Name: Cyber Attacks
Programme: MSc Information and Network Security
Academic Year: 2016, 2017
Role: Module Coordinator
Entity: University of the West of Scotland, UK
2. Module Name: Cyber Defense
Programme: MSc Information and Network Security
Academic Year: 2017
Role: Module Coordinator
Entity: University of the West of Scotland, UK
3. Module Name: Advanced MOOC in secure programming
Programme: MOOC Course
Academic Year: 2016
Role: Expert collaborator
Entity: Instituto Nacional de Ciberseguridad (INCIBE), Spain
PROGRAMME DESIGN
4. Progamme Name: Computing Sc for Cyber Security
Qualification Level: Masters of Science with Honours
Role: Design and Validation Panel
Entity: University of the West of Scotland, UK
Year: 2017
5. Progamme Name: Digital Security & Forensics
Qualification Level: Masters of Science with Honours
Role: Design and Validation Panel
Entity: University of the West of Scotland, UK
Year: 2017
6. Progamme Name: Computing Sc for Cyber Security
Qualification Level: Bachelor of Science with Honours
Role: Design and Validation Panel
Entity: University of the West of Scotland, UK
Year: 2017
Dr. Hector Marco-Gisbert 4/17
7. Progamme Name: Digital Security & Forensics
Qualification Level: Bachelor of Science with Honours
Role: Design and Validation Panel
Entity: University of the West of Scotland, UK
Year: 2017
MODULE DELIVERY
8. Module Name: Cyber Defense
Programme: MSc Information and Network Security
Academic Year: 2017
Hours Delivered: 48
Entity: University of the West of Scotland, UK
9. Module Name: Unix System Administration
Programme: Bsc(Hons) Computer Networks
Academic Year: 2017
Hours Delivered: 48
Entity: University of the West of Scotland, UK
10. Module Name: Cyber Attacks
Programme: MSc Information and Network Security
Academic Year: 2017
Hours Delivered: 48
Entity: University of the West of Scotland, UK
11. Module Name: Emerging Topics in Smart Networks
Programme: Bsc(Hons) Computer Networks
Academic Year: 2017
Hours Delivered: 2
Entity: University of the West of Scotland, UK
12. Module Name: Cyber Attacks
Programme: MSc Information and Network Security
Academic Year: 2016
Hours Delivered: 48
Entity: University of the West of Scotland, UK
13. Module Name: Virtualisation
Programme: Bsc(Hons) Computer Networks
Academic Year: 2016
Hours Delivered: 40
Entity: University of the West of Scotland, UK
Dr. Hector Marco-Gisbert 5/17
14. Module Name: Emerging Topics in Smart Networks
Programme: Bsc(Hons) Computer Networks
Academic Year: 2016
Hours Delivered: 2
Entity: University of the West of Scotland, UK
MODULE DEVELOPMENT (Not delivered)
15. Module Name: Security Fundamentals
Programme: Bsc(Hons) Digital Security & Forensics and,MSc Computing Sc for Cyber Security
Entity: University of the West of Scotland, UK
Year: 2017
16. Module Name: Network Penetration Testing & Ethical Hacking
Programme: Bsc(Hons) Digital Security & Forensics and,MSc Computing Sc for Cyber Security
Entity: University of the West of Scotland, UK
Year: 2017
17. Module Name: Advanced Ethical Hacking & Web Application Testing
Programme: Bsc(Hons) Digital Security & Forensics and,MSc Computing Sc for Cyber Security
Entity: University of the West of Scotland, UK
Year: 2017
INVITED LECTURES
18. Lecture Name: Cyber Security research, incidents and governments
Audience: 17 delegates from Hainan Vocational College of Political Sciences and Law,Hainan, China
Entity: Newcastle University, UK
Year: 2017
19. Lecture Name: Researching in Cybersecurity
Audience: MEng Computer Science
Entity: Universitat Politecnica de Valencia, Spain
Year: 2017
20. Lecture Name: Researching in Cybersecurity
Audience: MEng Computer Science
Entity: Universitat Politecnica de Valencia, Spain
Year: 2016
Dr. Hector Marco-Gisbert 6/17
21. Lecture Name: Networks and Security
Audience: MEng Computer Science
Entity: Universitat Politecnica de Valencia, Spain
Year: 2016
TEACHING QUALITY METRICS
The score of the student’s module questionnaire data received for all the modules I have been coordi-nated is higher than the average of the department where the teaching has been delivered.
PhD SUPERVISION
22. Title: A secure multi tenancy-aware kernel shared memory
Role: Director
Entity: University of the West of Scotland, UK
Student Name: Fernando Vano
Year: 2017-
23. Title: A hardware base Control Flow Integrity protection to prevent control flow redirections
Role: Director
Entity: University of the West of Scotland, UK
Student Name: Sarwar Sayeed
Year: 2017-
24. Title: To be defined
Role: Co-Director
Entity: University of the West of Scotland, UK
Student Name: Antonio Matencio
Year: 2017-
25. Title: An application oriented, dynamic routing design for heterogeneous networks based onpolychromatic sets theory
Role: Assessor
Entity: University of the West of Scotland, UK
Student Name: Dong Wang
Year: 2017-
26. Title: Enhanced Cloud Based Video Services for Mobile Users
Role: Assessor
Entity: University of the West of Scotland, UK
Student Name: Bada Adedayo
Year: 2013-2018
Dr. Hector Marco-Gisbert 7/17
27. Title: To be defined
Role: Assessor
Entity: University of the West of Scotland, UK
Student Name: Andre Jeworutzki
Year: 2017-
28. Title: To be defined
Role: Assessor
Entity: University of the West of Scotland, UK
Student Name: Antonio Matencio Escolar
Year: 2017-
UNDERGRADUATE HONS PROJECT SUPERVISION
29. Evaluation of Open-source Intrusion Detection Systems on a low-power computingplatform, University of the West of Scotland, UK, 2016-2017.
30. Portable anonymizer using a Tor proxy in a Raspberry PI, University of the West ofScotland, UK, 2016-2017.
31. ROP gadgets finder to build ARM payloads, Universitat Politecnica de Valencia, Spain,2014-2015.
32. Design and implementation of the plugin framework for an advanced game enginearchitecture, Universitat Politecnica de Valencia, Spain, 2014-2015.
33. N-Modular architecture for software applications: Architecture evaluation, Universi-tat Politecnica de Valencia, Spain, 2013-2014.
34. N-Modular architecture for software applications: Monitor implementation, Univer-sitat Politecnica de Valencia, Spain, 2013-2014.
MSc PROJECT SUPERVISION
35. Analysis of the MITRE vulnerabilities database: Trends and evolution, MEng Com-puter Science, Universitat Politecnica de Valencia, Spain, 2015-16.
36. Designing a secure working environment using several VMware machines simulta-neously, Universitat Politecnica de Valencia, Spain, 2015-16.
Dr. Hector Marco-Gisbert 8/17
TEACHING INNOVATION PROJECTS
37. Risky e-Learning Platform for Information. Agence Europe-Education-FormationFrance - #2011-1-FR1-LEO05-24482
• Income: -
• Dates: 01/04/2009-31/03/2013
• Role: Co-investigator
• Partners: Instituto Tecnologico de Informatica, Universitat Politecnica de Valencia
RESEARCH GRANTS AND PROJECTS
1. CyberCloud: Enhanced Security Virtualisation for cloud environments
• Income: 7,095.00£
• Dates: 01/01/2018-31/12/2018
• Role: Principal Investigator
• Partners: University of the West of Scotland
2. Slicenet - H2020-ICT-2016-2
• Income: 7,979,030e
• Dates: 01/06/2017-31/05/2020
• Role: Co-investigator
• Partners: Eurescom, Altice Labs, University of the West of Scotland, Nextworks S.R.L, Er-icsson Telecomunicazioni SpA, IBM Israel Science and Technology Limited, Eurecom, Uni-versitat Politcnica de Catalunya, RedZinc Service Ltd., The Hellenic TelecommunicationsOrganisation S.A., Orange Romania, EFACEC Energia, Creative Systems Engineering, CITInfinite
3. 5G Video Lab
• Income: 400,000£
• Dates: 2017-2020
• Role: Co-investigator
• Partners: National Air Traffic Control Services, University of the West of Scotland
4. Address Space Layout Randomization for Linux S390 Systems, KTP Project
• Income: 3,000e
• Dates: 01/08/2016-16/08/2016
• Role: Principal Investigator
• Partners: IBM, Universitat Politecnica de Valencia
Dr. Hector Marco-Gisbert 9/17
5. ASLR-NG Implementation and Support in the Linux Kernel
• Income: 16,000e
• Dates: 01/08/2016-31/12/2016
• Role: Co-investigator
• Partners: Instituto Tecnologico de Informatica, Universitat Politecnica de Valencia
6. Offset2lib: Bypassing Full ASLR On 64bit Linux, KTP Project
• Income: 10,000$
• Dates: 06/2014-12/2014
• Role: Principal Investigator
• Partners: Packet Storm Security
7. EMC2: Embedded Multi-Core systems for Mixed Criticality applications in dynamicand changeable real-time environments - 621429
• Income: 94,000,000e
• Dates: 04/2014-06/2017
• Role: Co-investigator
• Partners: 101 partners of embedded industry and research from 16 European countries withan effort of about 770 person years
8. CRitical sYSTem engineering AcceLeration. ARTEMIS Joint Undertaking - 332830,Ministerio de Industria, Energia y Turismo - ART-010000-2013-1
• Income: 82,000,000e Total Grant
• Dates: 01/05/2013-31/03/2016
• Role: Co-investigator
• Partners: 71 partners from 10 different European countries
9. Virtualisation Techniques applied to Computing Security
• Income: 30,000e
• Dates: 01/01/2014-31/12/2014
• Role: Co-investigator
• Partners: Instituto Tecnologico de Informatica, Universitat Politecnica de Valencia
Dr. Hector Marco-Gisbert 10/17
10. Interactive and adaptive techniques for automatic recognition systems, learning andperception (TIASA) - TIN2009-14205-C04-03
• Income: not available
• Dates: 01/04/2013-31/12/2013
• Role: Co-investigator
• Partners: Instituto Tecnologico de Informatica, Universitat Politecnica de Valencia
11. HI-PARTES: High-Integrity Partitioned Embedded Systems. TIN2011-28567-C03-03
• Income: 198,319e
• Dates: 01/01/2012-31/07/2015
• Role: Co-investigator
• Partners: STRAST-UPM, CTR-UC, GII-UPV
12. System Impact of Distributed Multicore Systems (EADS). ASB32.AO.VC.708767.09
• Income: not available
• Dates: 25/01/2010-31/12/2011
• Role: Co-investigator
• Partners: ASTRIUM, ESTEC, Universitat Politecnica de Valencia
13. HIPERVIS: Hypervisor for Critical Real Time Embedded Systems. PROMETEO/2009/022
• Income: 111.630e
• Dates: 01/07/2009-31/12/2013
• Role: Co-investigator
• Partners: Universitat Politecnica de Valencia
14. TURTLE: Securising Embedded Distributed Systems. TSI-020301-2009-3
• Income: 215,127e
• Dates: 01/03/2009-01/04/2011
• Role: Co-investigator
• Partners: SICE, Fundacion European Software Institute (ESI), Universitat Politecnica deValencia, ETRA I+D, Celestica, Telefonica I+D, Acciona, Prometeo Innovations, Domod-esk, Visual-Tools, I&IMS, TB Solutions, CITEAN and Telvent Energia
Dr. Hector Marco-Gisbert 11/17
15. TECOM: Trusted Embedded Computing
• Income: 177,614e
• Dates: 01/01/2009-31/03/2010
• Role: Co-investigator
• Partners: Aonix, EADS DS, Thomson, Trango Virtual Processors, Trialog, Technikon,Fagor, Ikerlan, Universidad Politecnica de Madrid, Visual Tools and Universitat Politecnicade Valencia
16. TURTLE: Securising Embedded Distributed Systems. TSI-020301-2008-14
• Income: 25,603e
• Dates: 10/04/2008-10/01/2009
• Role: Co-investigator
• Partners: SICE, Fundacion European Software Institute (ESI), Universitat Politecnica deValencia, ETRA I+D, Celestica, Telefonica I+D, Acciona, Prometeo Innovations, Domod-esk, Visual-Tools, I&IMS, TB Solutions, CITEAN and Telvent Energia
17. Integral Support for Embedded Real Time Open and Distributed Systems PAID-05-06-6798
• Income: 9,900e
• Dates: 21/12/2006-21/12/2007
• Role: Co-investigator
• Partners: Universitat Politecnica de Valencia
RESEARCH PUBLICATIONS
IMMINENT INTERNATIONAL PUBLICATIONS
1. H. Marco-Gisbert, I. Ripoll Ripoll, J. M. Alcaraz Calero. “SSPFA: Towards an Enhanced Mem-ory Protection Architecture for Android OS”, (submitted-under review, Q1), 2018.
2. H. Marco-Gisbert and I. Ripoll Ripoll. “ASLR taxonomy: Evaluating Linux, PaX and OS X”,(submitted-under review, Q1), 2018.
3. F Vano Garcia and H. Marco-Gisbert. “KASLR Influence Over Deduplication”, (submitted-under review, B conference), 2018.
4. Ismael Ripoll, Hector Marco-Gisbert, Vıctor Martinez-Fernandez and Pedro Gil. Deteccion de co-piones con “pinganillos magnticos” y experimentos sobre magnetismo, (submitted-under review,docente), 2018.
PUBLICATIONS IN INTERNATIONAL CONFERENCES
5. H. Marco-Gisbert and I. Ripoll, “return-to-csu: A New Method to Bypass 64-bit Linux ASLR”, Black Hat Asia 2018, Singapore, March 2018.
Dr. Hector Marco-Gisbert 12/17
6. H. Marco-Gisbert and I. Ripoll, “Exploiting Linux and PaX ASLR’s Weaknesses on 32-bit and64-bit Systems”, Black Hat Asia 2016, Singapore, March-April 2016.
7. H. Marco-Gisbert and I. Ripoll, “On the Effectiveness of NX, SSP, RenewSSP and ASLR againststack buffer overflows”, 13th IEEE International Symposium on Network Computing and Appli-cations (IEEE NCA), August, 2014.
8. H. Marco-Gisbert and I. Ripoll, “Preventing brute force attacks against stack canary protec-tion on networking servers”, 12th IEEE International Symposium on Network Computing andApplications (IEEE NCA), pp. 243-250, August, 2013.
9. H. Marco-Gisbert, I. Ripoll, J.C. Ruiz and D.D. Andres, “Preventing Memory Errors in Net-worked Vehicle Services Through Diversification”, Proceedings of Workshop CARS (2nd Work-shop on Critical Automotive applications: Robustness & Safety) of the 32nd International Con-ference on Computer Safety, Reliability and Security (Safecomp), July 2013.
10. H. Marco-Gisbert and Alfons Crespo, “Security in real time embedded systems”, Simposio desistemas de tiempo real, September 2010.
11. H. Marco-Gisbert and I. Ripoll, “Bypassing Trusted Code: Hacking GRUB”, IX Jornadas STICCCN-CERT, Madrid, Spain, December 2015.
12. H. Marco-Gisbert and I. Ripoll, “Hardening Apache against SSP brute force attacks”, JornadasNacionales de Investigacin en Ciberseguridad, Leon, Spain, September, 2015.
13. I. Ripoll and H. Marco-Gisbert, “Using emulation through diversification to prevent memory er-rors exploitation”, Jornadas Nacionales de Investigacin en Ciberseguridad, Leon, Spain, Septem-ber, 2015.
14. H. Marco-Gisbert, I. Ripoll and A. Crespo, “Security in real time embedded systems”, CongresoEspanol de Informatica (CEDI), Valencia, Spain, September 2010.
BOOK CHAPTERS
15. H. Marco-Gisbert, I. Ripoll, J.C. Ruiz and D.D. Andres, “ Preventing Memory Error ExploitationThrough Emulation-based Processor Diversification”. Book chapter: Emerging Trends in ICTSecurity, 1st Edition (ICT 2013).
INVITED TALKS IN INTERNATIONAL CONFERENCES
16. Cybersecurity challenges in the nautical industry, Smart Shipping Symposium, UK, Jun 2018.
17. return-to-csu: A New Method to Bypass 64-bit Linux ASLR , Black Hat Asia 2018, Singapore,March 2018.
18. Abusing LUKS to Hack the System, In-depth Security Conference (DeepSec), Austria, Vienna,Nov, 2016.
19. Exploiting Linux and PaX ASLR’s Weaknesses on 32-bit and 64-bit Systems, Black Hat Asia,Singapore, Mar 2016.
20. Bypassing Trusted Code: Hacking GRUB, IX Jornadas STIC CCN-CERT, Madrid, Spain, Dec2015.
Dr. Hector Marco-Gisbert 13/17
21. On the Effectiveness of Full-ASLR on 64bit Linux, In-depth Security Conference (DeepSec),Austria, Vienna, Nov 2014.
INTERNATIONAL PUBLICATIONS OF SOFTWARE VULNERABILITIES
22. Initrd root Shell, Not failing securely
• CVE-ID: CVE-2016-4484
• Vendor: Cryptsetup <= 2:1
• Date: November 2016
• URL: http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484 cryptsetup initrd shell.html
23. Unlimiting the stack not longer disables ASLR
• CVE-ID: CVE-2016-3672
• Vendor: Linux <= 4.5
• Date: April 2016
• URL: http://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-disables-ASLR.html
24. Back to 28: Authentication Bypass, Integer Underflow
• CVE-ID: CVE-2015-8370
• Vendor: Grub2 <= 2.02
• Date: December 2015
• URL: http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html
25. Bypass Pointer guard, Dynamic loader weakness
• CVE-ID: (pending)
• Vendor: Glibc <= 2.22.90
• Date: September 2015
• URL: http://hmarco.org/bugs/glibc ptr mangle weakness.html
26. AMD Linux ASLR weakness, Improper alignment
• CVE-ID: (pending)
• Vendor: Linux <= 4.0
• Date: March 2015
• URL: http://hmarco.org/bugs/AMD-Bulldozer-linux-ASLR-weakness-reducing-mmaped-files-by-eight.html
Dr. Hector Marco-Gisbert 14/17
27. Reduced mmap entropy, Improper mask manipulation
• CVE-ID: (pending)
• Vendor: Linux <= 3.18
• Date: January 2015
• URL: http://hmarco.org/bugs/linux-ASLR-reducing-mmap-by-half.html
28. Reduced stack entropy, Integer overflow
• CVE-ID: CVE-2015-1593
• Vendor: Linux <= 3.19
• Date: January 2015
• URL: http://hmarco.org/bugs/linux-ASLR-integer-overflow.html
29. Denial of Service, Incorrect headers handling
• CVE-ID: CVE-2015-1574
• Vendor: Google Email 4.2.2
• Date: January 2015
• URL: http://hmarco.org/bugs/google email app 4.2.2 denial of service.html
30. Root shell, Stack buffer overflow
• CVE-ID: CVE-2014-5439
• Vendor: Sniffit <= 0.3.7
• Date: July 2014
• URL: http://hmarco.org/bugs/CVE-2014-5439-sniffit 0.3.7-stack-buffer-overflow.html
31. Root shell (II), Drop privileges failed
• CVE-ID: CVE-2014-1226
• Vendor: s3dvt <= 0.2.2
• Date: March 2014
• URL: http://hmarco.org/bugs/CVE-2014-1226-s3dvt 0.2.2-root-shell.html
32. Root shell
• CVE-ID: (pending)
• Vendor: Bash <= 4.3
• Date: March 2014
• URL: http://hmarco.org/bugs/bash 4.3-setuid-bug.html
Dr. Hector Marco-Gisbert 15/17
33. Root Privilege escalation, Drop privileges failed
• CVE-ID: CVE-2013-6825
• Vendor: DCMTK <= 3.6.1
• Date: March 2014
• URL: http://hmarco.org/bugs/dcmtk-3.6.1-privilege-escalation.html
34. Root shell (I), Drop privileges failed
• CVE-ID: CVE-2013-6876
• Vendor: s3dvt <= 0.2.2
• Date: March 2014
• URL: http://hmarco.org/bugs/s3dvt 0.2.2-root-shell.html
35. Bypass pointer guard, No pointer protection
• CVE-ID: CVE-2013-4788
• Vendor: Glibc <= 2.17
• Date: March 2013
• URL: http://hmarco.org/bugs/CVE-2013-4788.html
INTELLECTUAL PROPERTY RIGHTS AND PATENTS
1. H. Marco-Gisbert and Ismael Ripoll, ASLRA, (under register). [ONLINE].
2. H. Marco-Gisbert and Ismael Ripoll, ASLR-NG, (under register). [ONLINE].
3. H. Marco-Gisbert and Ismael Ripoll, DRITAE, (under register).
4. H. Marco-Gisbert, NEXX hypervisor, (under register). [ONLINE].
5. H. Marco-Gisbert, STP partition, (under register).
6. H. Marco-Gisbert and Ismael Ripoll, Offset2lib, (under register) [ONLINE].
7. H. Marco-Gisbert and Ismael Ripoll, jmp2non-ssp, (under register).
8. H. Marco-Gisbert and Ismael Ripoll, CRTµROP, (under register).
9. Ismael Ripoll and H. Marco-Gisbert, RenewSSP, 14341118, 2014. [ONLINE].
REPRESENTATION IN INTERNATIONAL PROFESSIONAL BODIES
MEMBERSHIP IN INTERNATIONAL BODIES
1. Member of the Engineering and Physical Sciences Research Council (EPSRC) Peer Review Col-lege, UK.
Dr. Hector Marco-Gisbert 16/17
2. Institute of Electrical and Electronics Engineers (IEEE) Member, 93100035.
3. H2020 expert reviewer evaluator. European Commission, Brussels.
4. Co-founder and active member of the Cybersecurity group at Universitat Politecnica de Valencia,Spain.
REVIEWER FOR INTERNATIONAL JOURNALS
5. Special Issue on emerging trends in adaptive computation for mobiquitous systems, 2014
CHAIRMAN ACTIVITIES FOR INTERNATIONAL CONFERENCES
6. The Eleventh International Conference on Emerging Security Information, Systems and Tech-nologies. OSAS: Operating Systems and Applications Security. Rome, Italy, 2017
TECHNICAL PROGRAMCOMMITTEE FOR INTERNATIONAL CONFERENCES
7. IEEE International Conference on Data Science and Systems (DSS), UK, 2018.
8. International Joint Conference on Information and Communication Engineering (JCICE), China,2018.
9. IEEE International Conference on Cybernetics (CYBCONF), UK, 2017
10. International Symposium on Networks, Computers and Communications (ISNCC), Morocco,2017
11. International Conference on Emerging Security Information, Systems and Technologies (SECUR-WARE), Italy, 2017.
12. Jornadas Nacionales de investigacion en Ciberseguridad (JNIC), Spain, 2015.
13. IEEE real-time and embedded technology and applications symposium (RTAS), Germany, 2014
14. Latin-American Symposium on Dependable Computing (LADC), Brazil, 2013
LANGUAGES
English (advanced), French (elementary), Spanish (mother tongue), Valencian/Catalan (mothertongue).
REFERENCES
FROM ACADEMIA
Dr. Hector Marco-Gisbert 17/17
Dr. Ismael RipollAssociate ProfessorDept. of Computing EngineeringUniversitat Politecnica de ValenciaCami de Vera s/n, 46022UPV University, Valencia, SpainPhone: +34 96 387 7007 Ext. [email protected]
Dr. Pietro ManzoniProfessorDept. of Computing EngineeringUniversitat Politecnica de ValenciaCami de Vera s/n, 46022UPV University, Valencia, SpainPhone: +34 96 387 7007 Ext. [email protected]
Dr. Juan Carlos CanoProfessor & Head of the DepartmentDept. of Computing EngineeringUniversitat Politecnica de ValenciaCami de Vera s/n, 46022UPV University, Valencia, SpainPhone: +34 96 387 7007 Ext. [email protected]
Dr. Andres TerrasaAssociate ProfessorDept. of Computer systems and ComputationUniversitat Politecnica de ValenciaCami de Vera s/n, 46022UPV University, Valencia, SpainPhone: +34 96 387 7007 Ext. [email protected]
FROM INDUSTRY
Dr. Jesus FriginalProject manager Security & SafetySCASSIC/ Capitn Haya, 38-428020 Madrid, SpainPhone:+34 625 235 [email protected]
Sir. Antonio VillalonSecurity manager at S2 grupoS2 Grupo Security CompanyRamiro de Maeztu,746022 Valencia, SpainPhone: +34 963 110 [email protected]
Dr. Hector Marco-Gisbert 18/17