Search results

  1. DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks

    Peter Pessl, Daniel Gruss, Clémentine Maurice, Michael Schwarz, and Stefan Mangard, Graz University of Technology In cloud computing environments, multiple tenants are often co-located on the same multi-processor system. Thus, preventing information leaka ...

    admin - December 9, 2021 - 7:09 pm

  2. fTPM: A Software-Only Implementation of a TPM Chip

    because they omit providing secure resources outside the CPU perimeter. This paper shows how to overcome ...

    admin - December 9, 2021 - 7:09 pm

  3. Hidden Voice Commands

    primary input method for many devices. We explore in this paper how they can be attacked with hidden voice ...

    admin - December 9, 2021 - 8:09 pm

  4. OblivP2P: An Oblivious Peer-to-Peer Content Sharing System

    solutions. In this paper, we propose a new approach to protecting against persistent, global traffic analysis ...

    admin - December 9, 2021 - 8:09 pm

  5. AuthLoop: End-to-End Cryptographic Authentication for Telephony over Voice Channels

    Bradley Reaves, Logan Blue, and Patrick Traynor, University of Florida Telephones remain a trusted platform for conducting some of our most sensitive exchanges. From banking to taxes, wide swathes of industry and government rely on telephony as a secure f ...

    admin - December 9, 2021 - 8:09 pm

  6. Measuring PUP Prevalence and PUP Distribution through Pay-Per-Install Services

    Platon Kotzias, IMDEA Software Institute and Universidad Politécnica de Madrid; Leyla Bilge, Symantec Research Labs; Juan Caballero, IMDEA Software Institute Potentially unwanted programs (PUP) such as adware and rogueware, while not outright malicious, e ...

    admin - December 9, 2021 - 8:09 pm

  7. Trusted Browsers for Uncertain Times

    David Kohlbrenner and Hovav Shacham, University of California, San Diego JavaScript in one origin can use timing channels in browsers to learn sensitive information about a user’s interaction with other origins, violating the browser’s compartmentalizatio ...

    admin - December 9, 2021 - 8:09 pm

  8. Virtual U: Defeating Face Liveness Detection by Building Virtual Models from Your Public Photos

    Chapel Hill In this paper, we introduce a novel approach to bypass modern face authentication systems. ...

    admin - December 9, 2021 - 8:09 pm

  9. Dancing on the Lip of the Volcano: Chosen Ciphertext Attacks on Apple iMessage

    rigorous cryptanalysis. In this paper, we conduct a thorough analysis of iMessage to determine the security ...

    admin - December 9, 2021 - 8:09 pm

  10. Harvesting Inconsistent Security Configurations in Custom Android ROMs via Differential Analysis

    Yousra Aafer, Xiao Zhang, and Wenliang Du, Syracuse University Android customization offers substantially different experiences and rich functionalities to users. Every party in the customization chain, such as vendors and carriers, modify the OS and the ...

    admin - December 9, 2021 - 8:09 pm

  11. One Bit Flips, One Cloud Flops: Cross-VM Row Hammer Attacks and Privilege Escalation

    that he has no permission to access directly. In this paper, we explore row hammer attacks in cross-VM ...

    admin - December 9, 2021 - 8:09 pm

  12. The Ever-Changing Labyrinth: A Large-Scale Analysis of Wildcard DNS Powered Blackhat SEO

    higher in recent years. In this paper, we reveal a new type of blackhat SEO infrastructure (called ...

    admin - December 9, 2021 - 8:09 pm

  13. UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware

    specifically address the ransomware detection problem. In this paper, we present a novel dynamic analysis ...

    admin - December 9, 2021 - 9:09 pm

  14. Screen after Previous Screens: Spatial-Temporal Recreation of Android App Displays from Memory Images

    investigations. In this paper, we demonstrate a powerful smartphone memory forensics technique, called RetroScope, ...

    admin - December 9, 2021 - 9:09 pm

  15. All Your Queries Are Belong to Us: The Power of File-Injection Attacks on Searchable Encryption

    Yupeng Zhang, Jonathan Katz, and Charalampos Papamanthou, University of Maryland The goal of searchable encryption (SE) is to enable a client to execute searches over encrypted files stored on an untrusted server while ensuring some measure of privacy for ...

    admin - December 9, 2021 - 9:09 pm

  16. Authenticated Network Time Synchronization

    formally analyzed, require a pre-shared key, or are known to have cryptographic weaknesses. In this paper ...

    admin - December 9, 2021 - 9:09 pm

  17. Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks

    Lorrie Faith Cranor, Carnegie Mellon University Awarded Best Paper Human-chosen text passwords, today’s ...

    admin - December 9, 2021 - 9:09 pm

  18. DROWN: Breaking TLS Using SSLv2

    Nimrod Aviram, Tel Aviv University; Sebastian Schinzel, Münster University of Applied Sciences; Juraj Somorovsky, Ruhr University Bochum; Nadia Heninger, University of Pennsylvania; Maik Dankel, Münster University of Applied Sciences; Jens Steube, Hashcat ...

    admin - December 9, 2021 - 9:09 pm

  19. Oblivious Multi-Party Machine Learning on Trusted Processors

    Olga Ohrimenko, Felix Schuster, and Cédric Fournet, Microsoft Research; Aastha Mehta, Microsoft Research and Max Planck Institute for Software Systems (MPI-SWS); Sebastian Nowozin, Kapil Vaswani, and Manuel Costa, Microsoft Research Privacy-preserving mul ...

    admin - December 9, 2021 - 9:09 pm

  20. Poking Holes in Information Hiding

    Angelos Oikonomopoulos, Elias Athanasopoulos, Herbert Bos, and Cristiano Giuffrida, Vrije Universiteit Amsterdam ASLR is no longer a strong defense in itself, but it still serves as a foundation for sophisticated defenses that use randomization for pseudo ...

    admin - December 9, 2021 - 9:09 pm

  21. Making USB Great Again with USBFILTER

    user being unable to identify all of the functions attached to the host. In this paper, we present ...

    admin - December 9, 2021 - 9:09 pm

  22. Off-Path TCP Exploits: Global Rate Limit Considered Dangerous

    California, Riverside; Lisa M. Marvel, United States Army Research Laboratory In this paper, we report ...

    admin - December 9, 2021 - 9:09 pm

  23. Secure, Precise, and Fast Floating-Point Operations on x86 Processors

    computations introduce several side channels. This paper describes the first solution that closes these side ...

    admin - December 9, 2021 - 10:09 pm

  24. Request and Conquer: Exposing Cross-Origin Resource Size

    specific resources, an adversary can easily uncover personal and sensitive information. In this paper, we ...

    admin - December 9, 2021 - 10:09 pm

  25. Faster Malicious 2-Party Secure Computation with Online/Offline Dual Execution

    Peter Rindal and Mike Rosulek, Oregon State University We describe a highly optimized protocol for general purpose secure two-party computation (2PC) in the presence of malicious adversaries. Our starting point is a protocol of Kolesnikov et al. (TCC 2015 ...

    admin - December 9, 2021 - 10:09 pm

Pages