Search results

  1. UIPicker: User-Input Privacy Identification in Mobile Applications

    Yuhong Nan, Min Yang, Zhemin Yang, and Shunfan Zhou, Fudan University; Guofei Gu, Texas A&M University; Xiaofeng Wang, Indiana University Bloomington Identifying sensitive user inputs is a prerequisite for privacy protection. When it comes to today’s ...

    michele - December 11, 2021 - 7:57 pm

  2. Under-Constrained Symbolic Execution: Correctness Checking for Real Code

    David A. Ramos and Dawson Engler, Stanford University Awarded Best Paper! Software bugs are ... all possible inputs to a program but suffers from scalability limitations. This paper uses a variant, ...

    arnold - December 11, 2021 - 7:57 pm

  3. TaintPipe: Pipelined Symbolic Taint Analysis

    decouple data flow tracking logic from program execution. We continue this line of research in this paper ...

    arnold - December 11, 2021 - 7:57 pm

  4. Type Casting Verification: Stopping an Emerging Attack Vector

    detection problem has not been addressed by the security community. In this paper, we present CAVER, ...

    arnold - December 11, 2021 - 7:57 pm

  5. Compiler-instrumented, Dynamic Secret-Redaction of Legacy Processes for Attacker Deception

    Frederico Araujo and Kevin W. Hamlen, The University of Texas at Dallas An enhanced dynamic taint-tracking semantics is presented and implemented, facilitating fast and precise runtime secret redaction from legacy processes, such as those compiled from C/ ...

    arnold - December 11, 2021 - 7:57 pm

  6. Control-Flow Bending: On the Effectiveness of Control-Flow Integrity

    Nicholas Carlini,  University of California, Berkeley;   Antonio Barresi, ETH Zürich; Mathias Payer, Purdue University; David Wagner, University of California, Berkeley;  Thomas R. Gross,  ETH Zürich Control-Flow Integrity (CFI) is a defense which prevent ...

    arnold - December 11, 2021 - 7:57 pm

  7. Automatic Generation of Data-Oriented Exploits

    Hong Hu, Zheng Leong Chua, Sendroiu Adrian, Prateek Saxena, and Zhenkai Liang, National University of Singapore As defense solutions against control-flow hijacking attacks gain wide deployment, control-oriented exploits from memory errors become difficult ...

    arnold - December 11, 2021 - 7:57 pm

  8. RAPTOR: Routing Attacks on Privacy in Tor

    traffic at both ends of the communication path. In this paper, we show that prior attacks are just the tip ...

    arnold - December 11, 2021 - 7:57 pm

  9. Circuit Fingerprinting Attacks: Passive Deanonymization of Tor Hidden Services

    Institute of Technology This paper sheds light on crucial weaknesses in the design of hidden services that ...

    arnold - December 11, 2021 - 7:57 pm

  10. SecGraph: A Uniform and Open-source Evaluation System for Graph Data Anonymization and De-anonymization

    Xin Hu, IBM T. J. Watson Research Center; Raheem Beyah, Georgia Institute of Technology In this paper ...

    arnold - December 11, 2021 - 8:28 pm

  11. Marionette: A Programmable Network Traffic Obfuscation System

    circumvention scenarios where encrypted network traffic is filtered. In this paper, we present Marionette, the ...

    arnold - December 11, 2021 - 8:28 pm

  12. CONIKS: Bringing Key Transparency to End Users

    Marcela S. Melara and Aaron Blankstein, Princeton University; Joseph Bonneau, Stanford University and The Electronic Frontier Foundation; Edward W. Felten and Michael J. Freedman, Princeton University We present CONIKS, an end-user key verification servic ...

    arnold - December 11, 2021 - 8:28 pm

  13. Investigating the Computer Security Practices and Needs of Journalists

    provide that insight in this paper, by investigating the general and computer security practices of 15 ...

    arnold - December 11, 2021 - 8:28 pm

  14. Measuring Real-World Accuracies and Biases in Modeling Password Guessability

    Blase Ur, Sean M. Segreti, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Saranga Komanduri, and Darya Kurilova, Carnegie Mellon University;  Michelle L. Mazurek, University of Maryland; William Melicher and Richard Shay, Carnegie Mellon University Pa ...

    arnold - December 11, 2021 - 8:28 pm

  15. Sound-Proof: Usable Two-Factor Authentication Based on Ambient Sound

    this paper we propose Sound-Proof, a usable and deployable two-factor authentication mechanism. ...

    arnold - December 11, 2021 - 8:28 pm

  16. Android Permissions Remystified: A Field Study on Contextual Integrity

    Primal Wijesekera, University of British Columbia; Arjun Baokar, Ashkan Hosseini, Serge Egelman, and David Wagner, University of California, Berkeley; Konstantin Beznosov, University of British Columbia We instrumented the Android platform to collect data ...

    arnold - December 11, 2021 - 8:28 pm

  17. Trends and Lessons from Three Years Fighting Malicious Extensions

    Nav Jagpal, Eric Dingle, Jean-Philippe Gravel, Panayiotis Mavrommatis, Niels Provos, Moheeb Abu Rajab, and Kurt Thomas, Google In this work we expose wide-spread efforts by criminals to abuse the Chrome Web Store as a platform for distributing malicious e ...

    arnold - December 11, 2021 - 8:28 pm

  18. Meerkat: Detecting Website Defacements through Image-based Object Recognition

    In this paper, we approach the problem of defacement detection from a different angle: we use ...

    arnold - December 11, 2021 - 8:28 pm

  19. Cookies Lack Integrity: Real-World Implications

    studied thoroughly. This paper aims to fill this gap with an in-depth empirical assessment of cookie ...

    arnold - December 11, 2021 - 8:59 pm

  20. The Unexpected Dangers of Dynamic JavaScript

    Sebastian Lekies, Ruhr-University Bochum; Ben Stock, Friedrich-Alexander-Universität Erlangen-Nürnberg; Martin Wentzel and Martin Johns, SAP SE Modern Web sites frequently generate JavaScript on-the-fly via server-side scripting, incorporating personalize ...

    arnold - December 11, 2021 - 8:59 pm

  21. ZigZag: Automatically Hardening Web Applications Against Client-side Validation Vulnerabilities

    this paper, we present ZigZag, a system for hardening JavaScript-based web applications against ...

    arnold - December 11, 2021 - 8:59 pm

  22. In the Compression Hornet’s Nest: A Security Study of Data Compression in Network Services

    Suri, Technische Universität Darmstadt In this paper, we investigate the current use of data compression ... compressed streams in protocols and web applications. In this paper, we show that denial of services due to ...

    arnold - December 11, 2021 - 8:59 pm

  23. Bohatei: Flexible and Elastic DDoS Defense

    Seyed K. Fayaz, Yoshiaki Tobioka, and Vyas Sekar, Carnegie Mellon University; Michael Bailey, University of Illinois at Urbana-Champaign DDoS defense today relies on expensive and proprietary hardware appliances deployed at fixed locations. This introduce ...

    arnold - December 11, 2021 - 8:59 pm

  24. Boxed Out: Blocking Cellular Interconnect Bypass Fraud at the Network Edge

    and results in significant revenue loss. In this paper, we present a passive detection technique for ...

    arnold - December 11, 2021 - 8:59 pm

  25. Cloudy with a Chance of Breach: Forecasting Cyber Security Incidents

    Yang Liu, Armin Sarabi, Jing Zhang, and Parinaz Naghizadeh, University of Michigan; Manish Karir, QuadMetrics, Inc.; Michael Bailey, University of Illinois at Urbana-Champaign; Mingyan Liu, University of Michigan and  QuadMetrics, Inc. In this study we ch ...

    arnold - December 11, 2021 - 8:59 pm

Pages