| A methodology for testing CPU emulators | 4 | 0.43 | 2013 |
| Cloud terminal: secure access to sensitive applications from untrusted systems | 18 | 0.91 | 2012 |
| Path-exploration lifting: hi-fi tests for lo-fi emulators | 33 | 1.43 | 2012 |
| Statically-directed dynamic automated test generation | 51 | 1.90 | 2011 |
| Dynamic and transparent analysis of commodity production systems | 21 | 0.88 | 2010 |
| Testing system virtual machines | 16 | 0.70 | 2010 |
| Automatic generation of remediation procedures for malware infections | 10 | 0.56 | 2010 |
| N-version disassembly: differential testing of x86 disassemblers | 13 | 0.70 | 2010 |
| Conqueror: tamper-proof code execution on legacy systems | 14 | 0.84 | 2010 |
| Live and trustworthy forensic analysis of commodity production systems | 26 | 1.05 | 2010 |
| How Good Are Malware Detectors at Remediating Infected Systems? | 1 | 0.37 | 2009 |
| Testing CPU emulators | 31 | 1.67 | 2009 |
| A Framework for Behavior-Based Malware Analysis in the Cloud | 17 | 0.85 | 2009 |
| A Layered Architecture for Detecting Malicious Behaviors | 47 | 2.01 | 2008 |
| FluXOR: Detecting and Monitoring Fast-Flux Service Networks | 56 | 4.35 | 2008 |
| Code Normalization for Self-Mutating Malware | 29 | 1.48 | 2007 |
| Code Normalization for Self-Mutating Malware | 29 | 1.48 | 2007 |
| Code Normalization for Self-Mutating Malware | 29 | 1.48 | 2007 |
| Code Normalization for Self-Mutating Malware | 29 | 1.48 | 2007 |
| A Smart Fuzzer for x86 Executables | 13 | 1.08 | 2007 |
| Detecting self-mutating malware using control-flow graph matching | 89 | 4.28 | 2006 |
