Search results

  1. AdSplit: Separating Smartphone Advertising from Applications

    interaction and stealing money from the advertiser. This paper describes AdSplit, where we extended Android to ...

    jel - December 17, 2021 - 1:52 am

  2. DroidScope: Seamlessly Reconstructing the OS and Dalvik Semantic Views for Dynamic Android Malware Analysis

    critical to quickly reveal its malicious intent and inner workings. In this paper we present DroidScope, an ...

    jel - December 17, 2021 - 1:52 am

  3. Chimera: A Declarative Language for Streaming Network Traffic Analysis

    efficiency and flexibility required for complex intrusion detection tasks. In this paper, we introduce ...

    jel - December 17, 2021 - 1:52 am

  4. Security and Usability Challenges of Moving-Object CAPTCHAs: Decoding Codewords in Motion

    Y. Xu,  University of North Carolina at Chapel Hill;  G. Reynaga and S. Chiasson,  Carleton University;  J.-M. Frahm and F. Monrose,  University of North Carolina at Chapel Hill;  P. van Oorschot,  Carleton University We explore the robustness and usabili ...

    jel - December 17, 2021 - 1:52 am

  5. Impact of Spam Exposure on User Engagement

     Xuanhui Wang, Facebook In this paper we quantify the effect of unsolicited emails (spam) on behavior and ...

    jel - December 16, 2021 - 8:52 pm

  6. From Throw-Away Traffic to Bots: Detecting the Rise of DGA-Based Malware

    the bot malware executables, which is not always feasible. In this paper we present a new technique to ...

    jel - December 16, 2021 - 8:52 pm

  7. kGuard: Lightweight Kernel Protection against Return-to-User Attacks

    Vasileios P. Kemerlis, Georgios Portokalidis, and Angelos D. Keromytis,  Columbia University Return-to-user (ret2usr) attacks exploit the operating system kernel, enabling local users to hijack privileged execution paths and execute arbitrary code with el ...

    jel - December 16, 2021 - 8:52 pm

  8. Privacy-Preserving Social Plugins

    any kind of content personalization, ruining the user experience. In this paper we propose a novel ...

    jel - December 16, 2021 - 8:52 pm

  9. Progressive Authentication: Deciding When to Authenticate on Mobile Phones

    Oriana Riva,  Microsoft Research;  Chuan Qin,  University of South Carolina;  Karin Strauss and Dimitrios Lymberopoulos,  Microsoft Research Mobile users are often faced with a trade-off between security and convenience. Either users do not use any securi ...

    jel - December 16, 2021 - 8:52 pm

  10. Origin-Bound Certificates: A Fresh Approach to Strong Client Authentication for the Web

    authentication mechanisms, we seem to be stuck with passwords and cookies. In this paper, we propose to break ...

    jel - December 16, 2021 - 9:52 pm

  11. Privilege Separation in HTML5 Applications

    administrative cost. In this paper, we propose a new design for achieving effective privilege separation in HTML5 ...

    jel - December 16, 2021 - 9:52 pm

  12. Throttling Tor Bandwidth Parasites

    Rob Jansen and Paul Syverson,  U.S. Naval Research Laboratory;  Nicholas Hopper,  University of Minnesota Tor is vulnerable to network congestion and performance problems due to bulk data transfers. A large fraction of the available network capacity is co ...

    jel - December 16, 2021 - 9:52 pm

  13. An Evaluation of the Google Chrome Extension Security Architecture

    Nicholas Carlini, Adrienne Porter Felt, and David Wagner, University of California, Berkeley Vulnerabilities in browser extensions put users at risk by providing a way for website and network attackers to gain access to users’ private data and credentials ...

    jel - December 16, 2021 - 9:52 pm - 1 comment

  14. Enhanced Operating System Security Through Efficient and Fine-grained Address Space Randomization

    involved. In this paper, we propose the first design for fine-grained address space randomization (ASR) ...

    jel - December 16, 2021 - 9:52 pm

  15. STING: Finding Name Resolution Vulnerabilities in Programs

    this paper, we propose the STING test engine, which finds name resolution vulnerabilities in programs ...

    jel - December 16, 2021 - 9:52 pm

  16. Tracking Rootkit Footprints with a Practical Memory Analysis System

    Technology;  Ellick Chan,  University of Illinois at Urbana-Champaign In this paper, we present MAS, ...

    jel - December 16, 2021 - 9:52 pm - 1 comment

  17. Billion-Gate Secure Computation with Malicious Adversaries

    Benjamin Kreuter, abhi shelat, and Chih-hao Shen,  University of Virginia The goal of this paper ...

    jel - December 16, 2021 - 9:52 pm

  18. PharmaLeaks: Understanding the Business of Online Pharmaceutical Affiliate Programs

    precisely because it is “underground.” In this paper we exploit a rare opportunity to view three such ...

    jel - December 16, 2021 - 9:52 pm

  19. How Does Your Password Measure Up? The Effect of Strength Meters on Password Creation

    Blase Ur, Patrick Gage Kelley, Saranga Komanduri, Joel Lee, Michael Maass, Michelle L. Mazurek, Timothy Passaro, Richard Shay, Timothy Vidas, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor,  Carnegie Mellon University To help users create stronger ...

    jel - December 16, 2021 - 9:52 pm

  20. Establishing Browser Security Guarantees through Formal Shim Verification

    Dongseok Jang, Zachary Tatlock, and Sorin Lerner, University of California, San Diego Web browsers mediate access to valuable private data in domains ranging from health care to banking. Despite this critical role, attackers routinely exploit browser vuln ...

    jel - December 16, 2021 - 10:52 pm

  21. I Forgot Your Password: Randomness Attacks Against PHP Applications

    George Argyros and Aggelos Kiayias,  University of Athens We provide a number of practical techniques and algorithms for exploiting randomness vulnerabilities in PHP applications.We focus on the predictability of password reset tokens and demonstrate how ...

    jel - December 16, 2021 - 10:52 pm

  22. Enemy of the State: A State-Aware Black-Box Web Vulnerability Scanner

    Adam Doupé, Ludovico Cavedon, Christopher Kruegel, and Giovanni Vigna,  University of California, Santa Barbara Black-box web vulnerability scanners are a popular choice for finding security vulnerabilities in web applications in an automated fashion. The ...

    jel - December 16, 2021 - 10:52 pm

  23. Tachyon: Tandem Execution for Efficient Live Patch Testing

    manually to make sure they do not introduce problems, especially at the enterprise level. In this paper we ...

    jel - December 16, 2021 - 10:52 pm

  24. Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices

    Alex Halderman,  University of Michigan       Awarded Best Paper!    Nadia Heninger, University of ...

    jel - December 16, 2021 - 10:52 pm

  25. Experiment Explorer: Lightweight Provenance Search over Metadata

    are not tailored towards the common use cases of researchers. In this position paper, we propose ...

    jel - December 17, 2021 - 10:52 am

Pages