Search results

  1. Effective Attacks and Provable Defenses for Website Fingerprinting

    low-latency anonymity networks such as Tor. In this paper, we show a new attack that achieves significantly ...

    arnold - January 7, 2022 - 11:13 am

  2. Oxymoron: Making Fine-Grained Memory Randomization Practical by Allowing Code Sharing

    Friday, August 1, 2014- 10:00am Michael Backes,  Saarland University and  Max Planck Institute for Software Systems (MPI-SWS);  Stefan Nürnberger,  Saarland University The latest effective defense against code reuse attacks is fine-grained, per-process me ...

    arnold - December 22, 2021 - 3:21 pm

  3. ret2dir: Rethinking Kernel Isolation

    Friday, August 1, 2014- 10:45am Vasileios P. Kemerlis, Michalis Polychronakis, and Angelos D. Keromytis,  Columbia University Return-to-user (ret2usr) attacks redirect corrupted kernel pointers to data residing in user space. In response, several kernel-h ...

    arnold - January 10, 2022 - 2:36 pm

  4. When Governments Hack Opponents: A Look at Actors and Technology

    Friday, August 1, 2014- 10:00am William R. Marczak,  University of California, Berkeley, and The Citizen Lab;  John Scott-Railton,  University of California, Los Angeles, and The Citizen Lab;  Morgan Marquis-Boire, The Citizen Lab;  Vern Paxson,  Universi ...

    arnold - January 10, 2022 - 1:59 pm

  5. On the Effective Prevention of TLS Man-in-the-Middle Attacks in Web Applications

    Friday, August 1, 2014- 10:15am Nikolaos Karapanos and Srdjan Capkun,  ETH Zürich In this paper we ...

    arnold - January 10, 2022 - 2:37 pm

  6. On the Feasibility of Large-Scale Infections of iOS Devices

    because of iOS’ advanced security architecture. In this paper, we show that infecting a large number of ...

    arnold - December 13, 2021 - 7:18 am

  7. Password Managers: Attacks and Defenses

    Friday, August 1, 2014- 10:00am David Silver, Suman Jana, and Dan Boneh,  Stanford University;  Eric Chen and Collin Jackson,  Carnegie Mellon University We study the security of popular password managers and their policies on automatically filling in Web ...

    arnold - January 7, 2022 - 1:09 pm

  8. Password Portfolios and the Finite-Effort User: Sustainably Managing Large Numbers of Accounts

    Friday, August 1, 2014- 10:15am Dinei Florêncio and Cormac Herley,  Microsoft Research;  Paul C. van Oorschot,  Carleton University We explore how to manage a portfolio of passwords. We review why mandating exclusively strong passwords with no re-use give ...

    arnold - December 22, 2021 - 4:14 pm

  9. Gyrophone: Recognizing Speech from Gyroscope Signals

    Friday, July 25, 2014- 5:15pm Yan Michalevsky and Dan Boneh, Stanford University; Gabi Nakibly, National Research & Simulation Center, Rafael Ltd. We show that the MEMS gyroscopes found on modern smart phones are sufficiently sensitive to measure acou ...

    arnold - January 10, 2022 - 1:54 pm

  10. Stitching the Gadgets: On the Ineffectiveness of Coarse-Grained Control-Flow Integrity Protection

    framework). In this paper, we provide the first comprehensive security analysis of various CFI solutions ...

    arnold - December 22, 2021 - 4:02 pm

  11. The Emperor’s New Password Manager: Security Analysis of Web-based Password Managers

    Friday, August 1, 2014- 10:00am Zhiwei Li, Warren He, Devdatta Akhawe, and Dawn Song, University of California, Berkeley We conduct a security analysis of five popular web-based password managers. Unlike “local” password managers, web-based password manag ...

    arnold - December 13, 2021 - 6:16 am

  12. Hulk: Eliciting Malicious Behavior in Browser Extensions

    Friday, July 25, 2014- 5:30pm Alexandros Kapravelos,  University of California, Santa Barbara;  Chris Grier,  University of California, Berkeley, and International Computer Science Institute;  Neha Chachra,  University of California, San Diego;  Christoph ...

    arnold - December 13, 2021 - 7:18 am

  13. Telepathwords: Preventing Weak Passwords by Reading Users’ Minds

    Friday, August 1, 2014- 10:15am Saranga Komanduri, Richard Shay, and Lorrie Faith Cranor, Carnegie Mellon University; Cormac Herley and Stuart Schechter, Microsoft Research To discourage the creation of predictable passwords, vulnerable to guessing attack ...

    arnold - December 13, 2021 - 5:45 am

  14. Privacy in Pharmacogenetics: An End-to-End Case Study of Personalized Warfarin Dosing

    Wisconsin—Madison Awarded Best Paper! We initiate the study of privacy in pharmacogenetics, wherein machine learning ...

    arnold - December 22, 2021 - 4:19 pm

  15. Precise Client-side Protection against DOM-based Cross-Site Scripting

    Friday, August 1, 2014- 10:15am Ben Stock,  University of Erlangen-Nuremberg;  Sebastian Lekies, Tobias Mueller, Patrick Spiegel, and Martin Johns,  SAP AG The current generation of client-side Cross-Site Scripting filters rely on string comparison to det ...

    arnold - December 13, 2021 - 5:45 am

  16. An Internet-Wide View of Internet-Wide Scanning

    Tuesday, July 29, 2014- 4:00pm Zakir Durumeric, Michael Bailey, and J. Alex Halderman, University of Michigan While it is widely known that port scanning is widespread, neither the scanning landscape nor the defensive reactions of network operators have b ...

    arnold - December 22, 2021 - 4:07 pm

  17. Automatically Detecting Vulnerable Websites Before They Turn Malicious

    Awarded Best Student Paper! Significant recent research advances have made it possible to design systems ... useful, such systems are reactive by nature. In this paper, we take a complementary approach, and attempt ...

    arnold - December 13, 2021 - 5:45 am

  18. Towards Detecting Anomalous User Behavior in Online Social Networks

    Tuesday, July 29, 2014- 4:45pm Bimal Viswanath and M. Ahmad Bashir,  Max Planck Institute for Software Systems (MPI-SWS);  Mark Crovella,  Boston University;  Saikat Guha,  Microsoft Research;  Krishna P. Gummadi,  Max Planck Institute for Software System ...

    arnold - January 7, 2022 - 11:23 am

  19. TRUESET: Faster Verifiable Set Computations

    Friday, July 25, 2014- 5:15pm Ahmed E. Kosba, University of Maryland; Dimitrios Papadopoulos, Boston University; Charalampos Papamanthou, Mahmoud F. Sayed, and Elaine Shi, University of Maryland; Nikos Triandopoulos, RSA Laboratories and Boston University ...

    arnold - January 10, 2022 - 2:26 pm

  20. The Long “Taile” of Typosquatting Domain Names

    paper, we perform a comprehensive study of typosquatting domain registrations within the.com TLD. Our ...

    arnold - January 7, 2022 - 1:04 pm

  21. Burst ORAM: Minimizing ORAM Response Times for Bursty Access Patterns

    Friday, August 1, 2014- 10:30am Jonathan Dautrich, University of California, Riverside; Emil Stefanov, University of California, Berkeley; Elaine Shi, University of Maryland, College Park We present Burst ORAM, the first oblivious cloud storage system to ...

    arnold - December 22, 2021 - 4:01 pm

  22. JIGSAW: Protecting Resource Access by Inferring Programmer Expectations

    incomplete ways. In this paper, we provide a comprehensive defense against vulnerabilities during resource ...

    arnold - January 7, 2022 - 11:27 am

  23. ROP is Still Dangerous: Breaking Modern Defenses

    attacks. In this paper, we introduce three new attack methods that break many existing ROP defenses. Then ...

    arnold - December 22, 2021 - 3:42 pm

  24. TapDance: End-to-Middle Anticensorship without Flow Blocking

    core of the network, at large ISPs outside the censoring country. In this paper, we focus on two ...

    arnold - January 7, 2022 - 11:06 am

  25. Blanket Execution: Dynamic Similarity Testing for Program Binaries and Components

    Friday, August 1, 2014- 10:00am Manuel Egele, Maverick Woo, Peter Chapman, and David Brumley,  Carnegie Mellon University Matching function binaries—the process of identifying similar functions among binary executables—is a challenge that underlies many s ...

    arnold - December 22, 2021 - 4:09 pm

Pages