Search results
-
The Battle for New York: A Case Study of Applied Digital Threat Modeling at the Enterprise Level
Distinguished Paper Award Winner
Digital security professionals use threat modeling to assess and improve the ...
admin - December 3, 2021 - 10:30 pm
-
A Sense of Time for JavaScript and Node.js: First-Class Timeouts as a Cure for Event Handler Poisoning
James C. Davis, Eric R. Williamson, and Dongyoon Lee, Virginia Tech
The software development community is adopting the Event-Driven Architecture (EDA) to provide scalable web services, most prominently through Node.js. Though the EDA scales well, it comes ...
admin - December 3, 2021 - 10:30 pm
-
The Broken Shield: Measuring Revocation Effectiveness in the Windows Code-Signing PKI
In this paper, we collect seven datasets, including the largest corpus of code-signing certificates, ...
admin - December 3, 2021 - 10:30 pm
-
Guarder: A Tunable Secure Allocator
Sam Silvestro, Hongyu Liu, and Tianyi Liu, University of Texas at San Antonio; Zhiqiang Lin, Ohio State University; Tongping Liu, University of Texas at San Antonio
Due to the on-going threats posed by heap vulnerabilities, we design a novel secure alloca ...
admin - December 3, 2021 - 10:30 pm
-
teEther: Gnawing at Ethereum to Automatically Exploit Smart Contracts
financial gain. In this paper, we consider the problem of automatic vulnerability identification and exploit ...
admin - December 3, 2021 - 11:30 pm
-
How Do Tor Users Interact With Onion Services?
names that are long and difficult for humans to read. In this paper, we study how people perceive, ...
admin - December 3, 2021 - 11:30 pm
-
Shielding Software From Privileged Side-Channel Attacks
This paper presents defenses against page table and last-level cache (LLC) side-channel attacks ...
admin - December 3, 2021 - 11:30 pm
-
Polisis: Automated Analysis and Presentation of Privacy Policies Using Deep Learning
Hamza Harkous, École Polytechnique Fédérale de Lausanne (EPFL); Kassem Fawaz, University of Wisconsin-Madison; Rémi Lebret, École Polytechnique Fédérale de Lausanne (EPFL); Florian Schaub and Kang G. Shin, University of Michigan; Karl Aberer, École Polyte ...
admin - December 3, 2021 - 11:30 pm
-
Enter the Hydra: Towards Principled Bug Bounties and Exploit-Resistant Smart Contracts
Lorenz Breidenbach, Cornell Tech, IC3, ETH Zurich; Philip Daian, Cornell Tech, IC3; Florian Tramer, Stanford; Ari Juels, Cornell Tech, IC3, Jacobs Institute
Bug bounties are a popular tool to help prevent software exploits. Yet, they lack rigorous princip ...
admin - December 3, 2021 - 11:30 pm
-
Tackling runtime-based obfuscation in Android with TIRO
Michelle Y. Wong and David Lie, University of Toronto
Obfuscation is used in malware to hide malicious activity from manual or automatic program analysis. On the Android platform, malware has had a history of using obfuscation techniques such as Java refl ...
admin - December 3, 2021 - 11:30 pm
-
All Your GPS Are Belong To Us: Towards Stealthy Manipulation of Road Navigation Systems
easily noticeable). In this paper, we explore the feasibility of a stealthy manipulation attack against ...
admin - December 3, 2021 - 11:30 pm
-
Meltdown: Reading Kernel Memory from User Space
ranges are marked as non-accessible and are protected from user access. In this paper, we present ...
admin - December 3, 2021 - 11:30 pm
-
FANCI: Feature-based Automated NXDomain Classification and Intelligence
Samuel Schüppen, RWTH Aachen University; Dominik Teubert, Siemens CERT; Patrick Herrmann and Ulrike Meyer, RWTH Aachen University
FANCI is a novel system for detecting infections with domain generation algorithm (DGA) based malware by monitoring non-exist ...
admin - December 3, 2021 - 11:30 pm
-
With Great Training Comes Great Vulnerability: Practical Attacks against Transfer Learning
of publicly accessible Teacher models. In this paper, we describe our efforts to understand and ...
admin - December 3, 2021 - 11:30 pm
-
DIZK: A Distributed Zero Knowledge Proof System
Howard Wu, Wenting Zheng, Alessandro Chiesa, Raluca Ada Popa, and Ion Stoica, UC Berkeley
Recently there has been much academic and industrial interest in practical implementations of zero knowledge proofs. These techniques allow a party to prove to anoth ...
admin - December 4, 2021 - 12:30 am
-
When Does Machine Learning FAIL? Generalized Transferability for Evasion and Poisoning Attacks
Octavian Suciu, Radu Marginean, Yigitcan Kaya, Hal Daume III, and Tudor Dumitras, University of Maryland
Recent results suggest that attacks against supervised machine learning systems are quite effective, while defenses are easily bypassed by new attacks ...
admin - December 4, 2021 - 12:30 am
-
HeapHopper: Bringing Bounded Model Checking to Heap Implementation Security
paper, we present HeapHopper, an automated approach, based on model checking and symbolic execution, to ...
admin - December 4, 2021 - 12:30 am
-
Unveiling and Quantifying Facebook Exploitation of Sensitive Personal Data for Advertising Purposes
use of such information. The GDPR refers to these categories as sensitive personal data. This paper ...
admin - December 4, 2021 - 12:30 am
-
Effective Detection of Multimedia Protocol Tunneling using Machine Learning
for censorship-resistant communication. In this paper, we conduct an experimental study of the ...
admin - December 4, 2021 - 12:30 am
-
Return Of Bleichenbacher’s Oracle Threat (ROBOT)
Hanno Böck, unaffiliated; Juraj Somorovsky, Ruhr University Bochum, Hackmanit GmbH; Craig Young, Tripwire VERT
In 1998 Bleichenbacher presented an adaptive chosen-ciphertext attack on the RSA PKCS #1 v1.5 padding scheme. The attack exploits the availabili ...
admin - December 4, 2021 - 12:30 am
-
SAQL: A Stream-based Query System for Real-Time Abnormal System Behavior Detection
Peng Gao, Princeton University; Xusheng Xiao, Case Western Reserve University; Ding Li, Zhichun Li, Kangkook Jee, Zhenyu Wu, and Chung Hwan Kim, NEC Laboratories America, Inc.; Sanjeev R. Kulkarni and Prateek Mittal, Princeton University
Recently, advance ...
admin - December 4, 2021 - 12:30 am
-
O Single Sign-Off, Where Art Thou? An Empirical Analysis of Single Sign-On Account Hijacking and Session Management on the Web
a massive security risk. In this paper we investigate the security implications of SSO and offer an in-depth ...
admin - December 4, 2021 - 12:30 am
-
A4NT: Author Attribute Anonymity by Adversarial Training of Neural Machine Translation
even when the author tries to remove privacy sensitive content. In this paper, we propose an automatic ...
admin - December 4, 2021 - 12:30 am
-
Rethinking Access Control and Authentication for the Home Internet of Things (IoT)
or authentication in such settings. In this paper, we begin reenvisioning access control and ...
admin - December 4, 2021 - 12:30 am
-
Modelling and Analysis of a Hierarchy of Distance Bounding Attacks
Tom Chothia, Univ. of Birmingham; Joeri de Ruiter, Radboud University Nijmegen; Ben Smyth, University of Luxembourg
We present an extension of the applied pi-calculus that can be used to model distance bounding protocols. A range of different security pro ...
admin - December 4, 2021 - 1:30 am