Bart Coppens — Research

myself in the Swiss alps

I'm a post-doctoral researcher at Ghent University (UGent), ELIS Department, Computer Systems Lab. This is my research-related page, I also have a personal homepage. From 2003 to 2007 I worked on my Master's degree in Computer Science (a 'licentiaat in de informatica'), and in June 2013 I received my PhD in Computer Science Engineering.

My research interests are timing-based side-channel attacks and software diversity, and software security in general.


My research is about automatically making binary programs more secure (given different attack models). In particular, I have worked on the compiler-level generation of binary code to output programs that are less vulnerable to timing-based side channel attacks, and on rewriting binary code at link-time to make it more resistant against patch-based attacks.

Protection against patch-based attacks. The problem of patch-based attacks is that of Patch Tuesday/Exploit Wednesday. Here a security update is released, after which hackers try to find the vulnerability in the unpatched program by analyzing the difference between the original version of the program and the patched version. If this can be done fast enough, attackers can exploit this vulnerability with the mass of users that has not yet applied this patch. Applying software diversity increases the effort for attacker to find the original vulnerability, thus increasing the time window in which a user running unpatched code is safe from such exploitation. I try to mitigate these using software diversity. This is a technique where an application instance is transformed into syntactically different, but semantically equivalent instance. I do this at link time using the binary link time rewriting framework Diablo.

The first step is to evaluate the effectiveness of diversification strategies in slowing down an attacker. Assuming that an attacker will use existing tools to pinpoint the changes in the code, I compared different binary diffing tools and studied different ways in which they can be used to measure the effectiveness of existing diversification strategies.

I then improved the existing diversification techniques in order to deliver a similar slow-down for the attacker, but with a lower overhead in execution time of the patched program. This is done by using the binary diffing tools to compare which code fragments are still matched, and using this information in a feedback loop to iteratively transform only code that is still matched. I am currently working for the Aspire FP7 project, in which I'll be extending these techniques.

Protection against side-channel attacks. Differences in the execution time of a program can give an attacker additional information on the internal state of a cryptographic algorithm, potentially leading to the compromise of secret information. I researched mitigating side-channels on modern x86 processors. I worked on a compiler-based toolflow to apply if-conversion to cryptographical code in order to eliminate control-flow related side-channels. Furthermore, using the division instruction as an example of a variable-latency instruction on the x86 architecture, I evaluated different techniques to mitigate data-flow related timing side-channels.

Multi-Variant Execution Environments
  1. Taming Parallelism in a Multi-Variant Execution Environment
    Stijn Volckaert, Bart Coppens, Bjorn De Sutter, Koen De Bosschere, Per Larsen, Michael Franz
    EuroSys, 2017
  2. Secure and Efficient Application Monitoring and Replication [Code]
    Stijn Volckaert, Bart Coppens, Alexios Voulimeneas, Andrei Homescu, Per Larsen, Bjorn De Sutter, Michael Franz
    USENIX Annual Technical Conference (ATC), 2016
  3. Cloning your Gadgets: Complete ROP Attack Immunity with Multi-Variant Execution [Code]
    Stijn Volckaert, Bart Coppens, Bjorn De Sutter
    IEEE Transactions on Dependable and Secure Computing (TDSC), 2016
Software security
  1. Tightly-coupled self-debugging software protection
    Bert Abrath, Bart Coppens, Stijn Volckaert, Joris Wijnant, Bjorn De Sutter
    Workshop on Software Security, Protection, and Reverse Engineering (SSPREW), 2016
  2. Reactive Attestation: Automatic Detection and Reaction to Software Tampering Attacks
    Alessio Viticchié, Cataldo Basile, Andrea Avancini, Mariano Ceccato, Bert Abrath, Bart Coppens
    International Workshop on Software Protection (SPRO), 2016
  3. SOFIA: Software and control flow integrity architecture
    Ruan de Clercq, Ronald De Keulenaer, Bart Coppens, Bohan Yang, Pieter Maene, Koen De Bosschere, Bart Preneel, Bjorn De Sutter, Ingrid Verbauwhede
    Design, Automation and Test in Europe (DATE), 2016
  4. Obfuscating Windows DLLs
    Bert Abrath, Bart Coppens, Stijn Volckaert, Bjorn De Sutter
    International Workshop on Software Protection (SPRO), 2015
  5. Software Protection with Code Mobility [Code]
    Alessandro Cabutto, Paolo Falcarin, Bert Abrath, Bart Coppens, Bjorn De Sutter
    Workshop on Moving Target Defense (MTD), 2016
  6. Program Variation for Software Security
    Bart Coppens
    PhD thesis, Ghent University, 2013
  7. Feedback-driven binary code diversification [Partial (but improved) code]
    Bart Coppens, Bjorn De Sutter, Jonas Maebe
    ACM Transactions on Architecture and Code Optimization (TACO), 2013
  8. Protecting Your Software Updates
    Bart Coppens, Bjorn De Sutter, Koen De Bosschere
    IEEE Security & Privacy magazine, 2013
  9. A Novel Obfuscation: Class Hierarchy Flattening
    Christophe Foket, Bjorn De Sutter, Bart Coppens, and Koen De Bosschere
    International Symposium on Foundations & Practice of Security (FPS), 2012
  10. DNS Tunneling for Network Penetration [Code in dns-tunneling branch]
    Daan Raman, Bjorn De Sutter, Bart Coppens, Stijn Volckaert, Koen De Bosschere, Pieter Danhieux, Erik Van Buggenhout
    International Conference on Information Security and Cryptology (ICISC), 2012
  11. Compiler mitigations for time attacks on modern x86 processors
    Jeroen Van Cleemput, Bart Coppens, Bjorn De Sutter
    ACM Transactions on Architecture and Code Optimization (TACO), 2012
  12. Practical Mitigations for Timing-Based Side-Channel Attacks on Modern x86 Processors
    Bart Coppens, Ingrid Verbauwhede, Koen De Bosschere and Bjorn De Sutter
    IEEE Symposium on Security and Privacy (Oakland, S&P), 2009
Boundaries of patches (Master's thesis research)
  1. An Efficient Algorithm for the Generation of Planar Polycyclic Hydrocarbons with a Given Boundary [Code integrated in CaGe]
    Gunnar Brinkmann and Bart Coppens
    MATCH Communications in Mathematical and in Computer Chemistry, 2008
  2. Grenzen van Patches [Code]
    Bart Coppens
    Master's Thesis in Computer Science ('Licentiaat Informatica') (Dutch), 2007
Computer Labs

I assist in the (computer) labs of the following courses:

  • Computerarchitectuur, an introductory course on computer architecture.
  • Ingenieursproject I: Stappenteller, a project where first year engineering students learn to write a step counter application on Android.


You can always contact me at 'kde' @ this .be domain. Note: due to a change in university policies, university email addresses (both and will be terminated after leaving the university. To ensure continuity, you should just contact me on this .be domain.

My PGP key fingerprint is 1540 BAC4 779C EACB 5212 A959 6516 95B0 5F29 CF10 (also available on

My LinkedIn profile.

Or, being social, Facebook and Twitter.

My Google Scholar profile.