Search results
-
BugBox: A Vulnerability Corpus for PHP Web Applications
Gary Nilson, Kent Wills, Jeffrey Stuckman, and James Purtilo, University of Maryland, College Park Web applications are a rich source of vulnerabilities due to their high exposure, diversity, and popularity. Accordingly, web application vulnerabilities a ...arnold - December 15, 2021 - 2:52 am
-
MalwareLab: Experimentation with Cybercrime Attack Tools
functionalities. In this paper we present our experimental approach in testing 10 exploit kits leaked from the ...arnold - December 15, 2021 - 2:52 am
-
MINESTRONE: Testing the SOUP
effectiveness. In this paper we present MINESTRONE, a novel architecture that integrates static analysis, dynamic ...arnold - December 15, 2021 - 2:52 am
-
Valuing Security by Getting [d0x3d!]: Experiences with a Network Security Board Game
Mark Gondree, Naval Postgraduate School; Zachary N.J. Peterson, California Polytechnic State University, San Luis Obispo We motivate using non-digital games to teach computer security concepts and describe the inspirations driving the design of our board ...arnold - December 15, 2021 - 2:52 am
-
Internet Measurements and Public Policy: Mind the Gap
answering policy questions. In this paper, we argue that this is due to a systematic gap between the ways ...arnold - December 15, 2021 - 2:52 am
-
Bridging the Data Gap: Data Related Challenges in Evaluating Large Scale Collaborative Security Systems
John Sonchack, University of Pennsylvania; Adam J. Aviv, Swarthmore College; Jonathan M. Smith, University of Pennsylvania Data-sharing approaches such as collaborative security have been successfully applied to systems addressing multiple classes of cybe ...arnold - December 15, 2021 - 2:52 am
-
OCTANE (Open Car Testbed and Network Experiments): Bringing Cyber-Physical Security Research to Researchers and Students
manufacturer are not standardized and are generally not publicly available. In this paper we present Open Car ...arnold - December 15, 2021 - 2:52 am
-
Generation of SSH Network Traffic Data for IDS Testbeds
Hristo Djidjev, Los Alamos National Laboratory; Lyudmil Aleksandrov, Institute of Information and Communication Technologies, Bulgaria We develop an algorithm for generating secure shell (ssh) network traffic that can find use as a part of a testbed for ...arnold - December 15, 2021 - 2:52 am
-
RTRlib: An Open-Source Library in C for RPKI-based Prefix Origin Validation
In this paper, we give first insights into the additional system load introduced by RPKI at BGP ...arnold - December 15, 2021 - 3:52 am
-
Truncating TLS Connections to Violate Beliefs in Web Applications
Ben Smyth and Alfredo Pironti, INRIA Paris-Rocquencourt We identify logical web application flaws which can be exploited by TLS truncation attacks to desynchronize the user- and server-perspective of an application’s state. It follows immediately that se ...casey - December 14, 2021 - 11:52 pm
-
FireDrill: Interactive DNS Rebinding
Yunxing Dai and Ryan Resig, University of Michigan By using traditional DNS rebinding attacks, an attacker is able to circumvent firewalls in order to access internal network servers. Although many of the variations of this attack are well-known and suff ...casey - December 14, 2021 - 11:52 pm
-
Illuminating the Security Issues Surrounding Lights-Out Server Management
Anthony J. Bonkoski, Russ Bielawski, and J. Alex Halderman, University of Michigan This paper ...casey - December 14, 2021 - 11:52 pm
-
Bluetooth: With Low Energy Comes Low Security
Mike Ryan, iSEC Partners We discuss our tools and techniques to monitor and inject packets in Bluetooth Low Energy. Also known as BTLE or Bluetooth Smart, it is found in recent high-end smartphones, sports devices, sensors, and will soon appear in many m ...casey - December 14, 2021 - 11:52 pm
-
Breaking Cell Phone Authentication: Vulnerabilities in AKA, IMS, and Android
paper, we look at the security aspects of Internet calling services and other systems that use the 3GPP ...casey - December 14, 2021 - 11:52 pm
-
Cloning Credit Cards: A Combined Pre-play and Downgrade Attack on EMV Contactless
codes that are normally required to perform a payment transaction). This paper introduces an attack ...casey - December 14, 2021 - 11:52 pm
-
Subverting BIND's SRTT Algorithm Derandomizing NS Selection
Roee Hay, IBM; Jonathan Kalechstein, Technion—Israel Institute of Technology; Gabi Nakibly, National EW Research & Simulation Center, Israel One of the defenses against DNS cache poisoning is randomization of the IP address of the queried name serv ...casey - December 14, 2021 - 11:52 pm
-
Leveraging Honest Users: Stealth Command-and-Control of Botnets
shutdown or infiltration. In this paper, we will therefore analyze in detail a new kind of botnet C2 ...casey - December 14, 2021 - 11:52 pm
-
From an IP Address to a Street Address: Using Wireless Signals to Locate a Target
Craig A. Shue, Worcester Polytechnic Institute; Nathanael Paul, University of Tennessee and Oak Ridge National Laboratory; Curtis R. Taylor, Worcester Polytechnic Institute How quickly can somebody convert an IP address of a target into a real-world stre ...casey - December 15, 2021 - 12:52 am
-
Looking Inside the (Drop) Box
hardened applications like Dropbox. This paper presents new and generic techniques, to reverse engineer ...casey - December 15, 2021 - 12:52 am
-
“Weird Machines” in ELF: A Spotlight on the Underappreciated Metadata
Rebecca Shapiro, Sergey Bratus, and Sean W. Smith, Dartmouth College Although software exploitation historically started as an exercise in coaxing the target's execution into attacker supplied binary shellcode, it soon became a practical study in pu ...casey - December 15, 2021 - 12:52 am
-
Introducing Die Datenkrake: Programmable Logic for Hardware Security Analysis
Dmitry Nedospasov, FG SecT, TU Berlin; Thorsten Schröder, modzero AG This work presents Die Datenkrake, an open source hardware USB peripheral for hardware analysis. Die Datenkrake is comprised of an ARM microcontroller and a Field Programmable Logic ...casey - December 15, 2021 - 12:52 am
-
The Page-Fault Weird Machine: Lessons in Instruction-less Computation
Julian Bangert, Sergey Bratus, Rebecca Shapiro, and Sean W. Smith, Dartmouth College Trust Analysis, i.e. determining that a system will not execute some class of computations, typically assumes that all computation is captured by an instruction trace. W ...casey - December 15, 2021 - 12:52 am
-
Privacy-Preserving Computation of Disease Risk by Using Genomic, Clinical, and Environmental Data
tests, in this paper, we propose a privacy-preserving system for storing and processing genomic, ...casey - December 15, 2021 - 3:52 am
-
Understanding the Challenges with Medical Data Segmentation for Privacy
Ellick M. Chan, Peifung E. Lam, and John C. Mitchell, Stanford University Electronic Health Records (EHRs) are perceived as a path to significant improvement in healthcare, and patient privacy is an important consideration in the adoption of EHRs. Medica ...casey - December 15, 2021 - 3:52 am
-
Privacy Aspects of Health Related Information Sharing in Online Social Networks
Sadegh Torabi and Konstantin Beznosov, University of British Columbia Presented by Lujo Bauer, Carnegie Mellon University Online social networks (OSNs) have formed virtual social networks where people meet and share information. Among all shared informa ...casey - December 15, 2021 - 3:52 am