Search results

  1. Experimental Study of Fuzzy Hashing in Malware Clustering Analysis

    hashing algorithms for malware similarity analysis in the research literature. In this paper, we perform ...

    arnold - December 11, 2021 - 11:08 pm

  2. Engaging Novices in Cybersecurity Competitions: A Vision and Lessons Learned at ACM Tapia 2015

    these required areas. In this paper we discuss our experience in using Class Capture-the-Flag Exercises ...

    arnold - December 11, 2021 - 9:29 pm

  3. A Scaffolded, Metamorphic CTF for Reverse Engineering

    number of attempts to integrate them into a classroom environment. This paper describes MetaCTF, ...

    arnold - December 11, 2021 - 9:29 pm

  4. Using CTFs for an Undergraduate Cyber Education

    framework. In this paper we discuss our rationale for utilizing CTFs as part of our formal curriculum, as ...

    arnold - December 11, 2021 - 9:29 pm

  5. Multidisciplinary Experiential Learning for Holistic Cybersecurity Education, Research and Evaluation

    and clarity  of CTF challenges, and temporal constraints. This  paper argues that CTFs can offer ... improving their hands-on research  skills as well as their understanding of cyberattacks/ defense. The paper ... transparency  in the evaluation of CTFs. The paper also offers  some challenges of multidisciplinary ...

    arnold - December 11, 2021 - 9:29 pm

  6. Lessons Learned in Game Development for Crowdsourced Software Formal Verification

    Drew Dean, SRI International; Sean Gaurino and Leonard Eusebi, Charles River Analytics; Andrew Keplinger, Left Brain Games; Tim Pavlik, University of Washington; Ronald Watro, Raytheon BBN; Aaron Cammarata, VoidALPHA; John Murray, SRI International; Kelly ...

    arnold - December 11, 2021 - 9:29 pm

  7. Automatic Problem Generation for Capture-the-Flag Competitions

    problem and the flag are the same across the competition. In this paper we discuss automatic problem ...

    arnold - December 11, 2021 - 9:31 pm

  8. An Offline Capture The Flag-Style Virtual Machine and an Assessment of Its Value for Cybersecurity Education

    paper reports on the use of a virtual machine (VM) framework that has been developed as part of ...

    arnold - December 11, 2021 - 9:31 pm

  9. Leveraging Competitive Gamification for Sustainable Fun and Profit in Security Education

    currently more than 400 participants each year and 1,219 educated students since 2012. In this paper, we ...

    arnold - December 11, 2021 - 9:31 pm

  10. An Examination of the Vocational and Psychological Characteristics of Cybersecurity Competition Participants

    this paper presents the results of an extensive survey of cybersecurity competition participants. These ...

    arnold - December 11, 2021 - 9:31 pm

  11. FLEXTLS: A Tool for Testing TLS Implementations

    Bhargavan, INRIA Paris-Rocquencourt Awarded Best Paper! We present FLEXTLS, a tool for rapidly prototyping ...

    arnold - December 11, 2021 - 11:08 pm

  12. Prying Open Pandora's Box: KCI Attacks against TLS

    full-blown Man-in-the-Middle (MitM) attacks.  This paper discusses and analyzes KCI attacks in regard to the ...

    arnold - December 11, 2021 - 11:08 pm

  13. P2P File-Sharing in Hell: Exploiting BitTorrent Vulnerabilities to Launch Distributed Reflective DoS Attacks

    Friedberg; Muttukrishnan Rajarajan, City University London In this paper, we demonstrate that the BitTorrent ...

    arnold - December 11, 2021 - 11:08 pm

  14. Cashing Out the Great Cannon? On Browser-Based DDoS Attacks and Economics

    DDoS attack has shown that HTML/JavaScript can be used to launch HTTP-based DoS attacks. In this paper ...

    arnold - December 11, 2021 - 11:39 pm

  15. Own Your Android! Yet Another Universal Root

    mitigations applied on the devices by various vendors. In this paper, we will present our universal root ...

    arnold - December 11, 2021 - 11:39 pm

  16. One Class to Rule Them All: 0-Day Deserialization Vulnerabilities in Android

    privileges. In this paper we also demonstrate a Proof-of-Concept exploit against the Google Nexus 5 device, ...

    arnold - December 11, 2021 - 11:39 pm

  17. RouteDetector: Sensor-based Positioning System That Exploits Spatio-Temporal Regularity of Human Mobility

    Takuya Watanabe, Waseda University; Mitsuaki Akiyama, NTT Secure Platform Labs; Tatsuya Mori, Waseda University We developed a novel, proof-of-concept side-channel attack framework called RouteDetector, which identifies a route for a train trip by simply ...

    arnold - December 11, 2021 - 11:39 pm

  18. SURROGATES: Enabling Near-Real-Time Dynamic Analyses of Embedded Systems

    segments of code. In this paper, we demonstrate a system that is capable of emulating and instrumenting ...

    arnold - December 11, 2021 - 11:39 pm

  19. Symbolic Execution for BIOS Security

    Oleksandr Bazhaniuk, John Loucaides, Lee Rosenbaum, Mark R. Tuttle, and Vincent Zimmer, Intel Corporation We are building a tool that uses symbolic execution to search for BIOS security vulnerabilities including dangerous memory references (call outs) by ...

    arnold - December 11, 2021 - 11:39 pm

  20. IoTPOT: Analysing the Rise of IoT Compromises

    Yin Minn Pa Pa, Shogo Suzuki, Katsunari Yoshioka, and Tsutomu Matsumoto, Yokohama National University; Takahiro Kasama, National Institute of Information and Communications Technology; Christian Rossow, Saarland University We analyze the increasing threat ...

    arnold - December 11, 2021 - 11:39 pm

  21. Scrutinizing WPA2 Password Generating Algorithms in Wireless Routers

    Paper! A wireless router is a networking device that enables a user to set up a wireless connection to ... attacks. In this paper, we compose a strategy on how to reverse-engineer embedded routers. Furthermore, we ...

    arnold - December 11, 2021 - 11:39 pm

  22. How to Break XML Encryption – Automatically

    possible. In this paper, we systematically analyze the chosen-ciphertext attacks on XML Encryption and ...

    arnold - December 11, 2021 - 11:39 pm

  23. Hypervisor Introspection: A Technique for Evading Passive Virtual Machine Monitoring

    Gary Wang, Zachary J. Estrada, Cuong Pham, Zbigniew Kalbarczyk, and Ravishankar K. Iyer, University of Illinois at Urbana-Champaign Security requirements in the cloud have led to the development of new monitoring techniques that can be broadly categorized ...

    arnold - December 11, 2021 - 11:39 pm

  24. CAIN: Silently Breaking ASLR in the Cloud

    Antonio Barresi, ETH Zürich; Kaveh Razavi, VU University Amsterdam; Mathias Payer, Purdue University; Thomas R. Gross, ETH Zürich Modern systems rely on Address-Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) to protect software agai ...

    arnold - December 12, 2021 - 12:10 am

  25. Run-DMA

    Michael Rushanan and Stephen Checkoway, Johns Hopkins University Copying data from devices into main memory is a computationally-trivial, yet time-intensive, task. In order to free the CPU to perform more interesting work, computers use direct memory acce ...

    arnold - December 12, 2021 - 12:10 am

Pages