Search results

  1. On the effectiveness of mitigations against floating-point timing channels

    David Kohlbrenner and Hovav Shacham, UC San Diego The duration of floating-point instructions is a known timing side channel that has been used to break Same-Origin Policy (SOP) privacy on Mozilla Firefox and the Fuzz differentially private database. Seve ...

    admin - December 6, 2021 - 9:08 pm

  2. Reverse Engineering x86 Processor Microcode

    proprietary and have not been throughly analyzed yet. In this paper, we reverse engineer the microcode ...

    admin - December 6, 2021 - 9:08 pm

  3. "I Have No Idea What I'm Doing"- On the Usability of Deploying HTTPS

    promote the adoption of HTTPS, this paper aims to understand the reasons for why it has been so hard to ...

    admin - December 6, 2021 - 9:08 pm

  4. Phoenix: Rebirth of a Cryptographic Password-Hardening Service

    Russell W. F. Lai, Friedrich-Alexander-University Erlangen-Nürnberg, Chinese University of Hong Kong; Christoph Egger and Dominique Schröder, Friedrich-Alexander-University Erlangen-Nürnberg; Sherman S. M. Chow, Chinese University of Hong Kong Password re ...

    admin - December 6, 2021 - 9:08 pm

  5. CAn’t Touch This: Software-only Mitigation against Rowhammer Attacks targeting Kernel Memory

    attacks on legacy systems. In this paper, we present the design and implementation of a practical and ...

    admin - December 6, 2021 - 9:08 pm

  6. Hacking in Darkness: Return-oriented Programming against Secure Enclaves

    Jaehyuk Lee and Jinsoo Jang, KAIST; Yeongjin Jang, Georgia Institute of Technology; Nohyun Kwak, Yeseul Choi, and Changho Choi, KAIST; Taesoo Kim, Georgia Institute of Technology; Marcus Peinado, Microsoft Research; Brent Byunghoon Kang, KAIST Intel Softw ...

    admin - December 6, 2021 - 9:08 pm

  7. Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing

    attack only reveals page-level memory accesses within an enclave. In this paper, we explore a new, yet ...

    admin - December 6, 2021 - 9:39 pm

  8. DeTor: Provably Avoiding Geographic Regions in Tor

    excluding US Tor nodes definitively avoid the US 12% of the time. This paper presents DeTor, a set of ...

    admin - December 6, 2021 - 9:39 pm

  9. Measuring the Insecurity of Mobile Deep Links of Android

    paper, we conduct the first empirical measurement on various mobile deep links across apps and websites. ...

    admin - December 6, 2021 - 9:39 pm

  10. SmartPool: Practical Decentralized Pooled Mining

    Loi Luu, National University of Singapore; Yaron Velner, The Hebrew University of Jerusalem; Jason Teutsch, TrueBit Foundation; Prateek Saxena, National University of Singapore Cryptocurrencies such as Bitcoin and Ethereum are operated by a handful of min ...

    admin - December 6, 2021 - 9:39 pm

  11. MPI: Multiple Perspective Attack Investigation with Semantic Aware Execution Partitioning

    Hyung Lee, University of Georgia; Xiangyu Zhang and Dongyan Xu, Purdue University Distinguished Paper ... challenging. In this paper, we propose a semantics aware program annotation and instrumentation technique to ...

    admin - December 6, 2021 - 9:39 pm

  12. DR. CHECKER: A Soundy Analysis for Linux Kernel Drivers

    Aravind Machiry, Chad Spensky, Jake Corina, Nick Stephens, Christopher Kruegel, and Giovanni Vigna, UC Santa Barbara While kernel drivers have long been know to poses huge security risks, due to their privileged access and lower code quality, bug-finding ...

    admin - December 6, 2021 - 9:39 pm

  13. PDF Mirage: Content Masking Attack Against Information-Based Online Services

    with notable impact on real-world systems. Our first attack allows academic paper writers and reviewers ...

    admin - December 6, 2021 - 9:39 pm

  14. ROTE: Rollback Protection for Trusted Execution

    paper, we propose a new approach for rollback protection on SGX. The intuition behind our approach is ...

    admin - December 6, 2021 - 9:39 pm

  15. Towards Practical Tools for Side Channel Aware Software Engineering: 'Grey Box' Modelling for Instruction Leakages

    David McCann, Elisabeth Oswald, and Carolyn Whitnall, University of Bristol Power (along with EM, cache and timing) leaks are of considerable concern for developers who have to deal with cryptographic components as part of their overall software implement ...

    admin - December 6, 2021 - 9:39 pm

  16. When the Weakest Link is Strong: Secure Collaboration in the Case of the Panama Papers

    stories in usable security are rare. In this paper, however, we examine one notable security success: the ... Papers” project. During this effort, a large, diverse group of globally-distributed journalists met and ... Link is Strong: Secure Collaboration in the Case of the Panama Papers}, booktitle = {26th USENIX ...

    admin - December 6, 2021 - 9:39 pm

  17. Qapla: Policy compliance for database-backed systems

    Aastha Mehta and Eslam Elnikety, Max Planck Institute for Software Systems (MPI-SWS); Katura Harvey, University of Maryland, College Park and Max Planck Institute for Software Systems (MPI-SWS); Deepak Garg and Peter Druschel, Max Planck Institute for Sof ...

    admin - December 6, 2021 - 10:10 pm

  18. BinSim: Trace-based Semantic Binary Diffing via System Call Sliced Segment Equivalence Checking

    expected precision. In this paper, we propose system call sliced segment equivalence checking, a hybrid ...

    admin - December 6, 2021 - 10:10 pm

  19. Computer Security, Privacy, and DNA Sequencing: Compromising Computers with Synthesized DNA, Privacy Leaks, and More

    little adversarial pressure. This paper evaluates the robustness of such tools if (or when) adversarial ...

    admin - December 6, 2021 - 10:10 pm

  20. CHAINIAC: Proactive Software-Update Transparency via Collectively Signed Skipchains and Verified Builds

    Kirill Nikitin, Eleftherios Kokoris-Kogias, Philipp Jovanovic, Nicolas Gailly, and Linus Gasser, École polytechnique fédérale de Lausanne (EPFL); Ismail Khoffi, University of Bonn; Justin Cappos, New York University; Bryan Ford, École polytechnique fédéra ...

    admin - December 6, 2021 - 10:10 pm

  21. Ninja: Towards Transparent Tracing and Debugging on ARM

    not sufficient to analyze the sophisticated malware. In this paper, we propose N INJA, a transparent ...

    admin - December 6, 2021 - 10:10 pm

  22. TrustBase: An Architecture to Repair and Strengthen Certificate-based Authentication

    Mark O’Neill, Scott Heidbrink, Scott Ruoti, Jordan Whitehead, Dan Bunker, Luke Dickinson, Travis Hendershot, Joshua Reynolds, Kent Seamons, and Daniel Zappala, Brigham Young University The current state of certificate-based authentication is messy, with b ...

    admin - December 6, 2021 - 10:10 pm

  23. Digtool: A Virtualization-Based Framework for Detecting Kernel Vulnerabilities

    Microsoft Windows. In this paper, we present Digtool, an effective, binary-code-only, kernel vulnerability ...

    admin - December 6, 2021 - 10:10 pm

  24. Global Measurement of DNS Manipulation

    Paul Pearce, UC Berkeley; Ben Jones, Princeton; Frank Li, UC Berkeley; Roya Ensafi and Nick Feamster, Princeton; Nick Weaver, ICSI; Vern Paxson, UC Berkeley Despite the pervasive nature of Internet censorship and the continuous evolution of how and where ...

    admin - December 6, 2021 - 10:10 pm

  25. AWare: Preventing Abuse of Privacy-Sensitive Sensors via Operation Bindings

    Giuseppe Petracca, The Pennsylvania State University, US; Ahmad-Atamli Reineh, University of Oxford, UK; Yuqiong Sun, The Pennsylvania State University, US; Jens Grossklags, Technical University of Munich, DE; Trent Jaeger, The Pennsylvania State Universi ...

    admin - December 6, 2021 - 10:10 pm

Pages