Search results

  1. The Secure Socket API: TLS as an Operating System Service

    Mark O'Neill, Scott Heidbrink, Jordan Whitehead, Tanner Perdue, Luke Dickinson, Torstein Collett, Nick Bonner, Kent Seamons, and Daniel Zappala, Brigham Young University 2018 Internet Defense Prize First Runner Up SSL/TLS libraries are notoriously ha ...

    admin - December 4, 2021 - 1:30 am

  2. Rampart: Protecting Web Applications from CPU-Exhaustion Denial-of-Service Attacks

    this paper, we present Rampart, which is a defense that protects web applications from sophisticated ...

    admin - December 4, 2021 - 1:30 am

  3. Reading Thieves' Cant: Automatically Identifying and Understanding Dark Jargons from Cybercrime Marketplaces

    this paper, we present the first technique, called Cantreader, to automatically detect and understand ...

    admin - December 4, 2021 - 1:30 am

  4. Arbitrum: Scalable, private smart contracts

    Harry Kalodner, Steven Goldfeder, Xiaoqi Chen, S. Matthew Weinberg, and Edward W. Felten, Princeton University We present Arbitrum, a cryptocurrency system that supports smart contracts without the limitations of scalability and privacy of systems previou ...

    admin - December 4, 2021 - 1:30 am

  5. NetHide: Secure and Practical Network Topology Obfuscation

    tracing as it is an essential network debugging tool. In this paper, we present NetHide, a network ...

    admin - December 4, 2021 - 1:30 am

  6. GAZELLE: A Low Latency Framework for Secure Neural Network Inference

    Chiraag Juvekar, MIT MTL; Vinod Vaikuntanathan, MIT CSAIL; Anantha Chandrakasan, MIT MTL The growing popularity of cloud-based machine learning raises natural questions about the privacy guarantees that can be provided in such settings. Our work tackles t ...

    admin - December 4, 2021 - 1:30 am

  7. Freezing the Web: A Study of ReDoS Vulnerabilities in JavaScript-based Web Servers

    severity of the ReDoS problem in practice. This paper presents a large-scale study of ReDoS vulnerabilities ...

    admin - December 4, 2021 - 1:30 am

  8. Acquisitional Rule-based Engine for Discovering Internet-of-Things Devices

    paper, we propose an Acquisitional Rule-based Engine (ARE), which can automatically generate rules for ...

    admin - December 4, 2021 - 1:30 am

  9. DelegaTEE: Brokered Delegation Using Trusted Execution Environments

    Sinisa Matetic and Moritz Schneider, ETH Zurich; Andrew Miller, UIUC; Ari Juels, Cornell Tech; Srdjan Capkun, ETH Zurich We introduce a new concept called brokered delegation. Brokered delegation allows users to flexibly delegate credentials and rights fo ...

    admin - December 4, 2021 - 1:30 am

  10. AttriGuard: A Practical Defense Against Attribute Inference Attacks via Adversarial Machine Learning

    defenses incur large utility loss of users’ public data. In this paper, we present AttriGuard, a practical ...

    admin - December 4, 2021 - 2:30 am

  11. Plug and Prey? Measuring the Commoditization of Cybercrime via Online Anonymous Markets

    Rolf van Wegberg and Samaneh Tajalizadehkhoob, Delft University of Technology; Kyle Soska, Carnegie Mellon University; Ugur Akyazi, Carlos Hernandez Ganan, and Bram Klievink, Delft University of Technology; Nicolas Christin, Carnegie Mellon University; Mi ...

    admin - December 4, 2021 - 2:30 am

  12. Automatic Heap Layout Manipulation for Exploitation

    integral to exploiting heap-based memory corruption vulnerabilities. In this paper we present the first ...

    admin - December 4, 2021 - 2:30 am

  13. Fp-Scanner: The Privacy Implications of Browser Fingerprint Inconsistencies

    indirectly leak by revealing their presence. In this paper, we investigate the current state of the art of ...

    admin - December 4, 2021 - 2:30 am

  14. An Empirical Study of Web Resource Manipulation in Real-world Mobile Applications

    real attacks. This paper seeks to bridge this gap with a large-scale empirical study on Web resource ...

    admin - December 4, 2021 - 2:30 am

  15. SAD THUG: Structural Anomaly Detection for Transmissions of High-value Information Using Graphics

    easily bypass systems designed to protect sensitive networks against them. In this paper, we show that ... their cover file. Thus, as we show in this paper, our approach is not limited to detecting a particular ...

    admin - December 4, 2021 - 2:30 am

  16. An Empirical Analysis of Anonymity in Zcash

    this paper, we examine the extent to which anonymity is achieved in the deployed version of Zcash. We ...

    admin - December 4, 2021 - 2:30 am

  17. DATA – Differential Address Trace Analysis: Finding Address-based Side-Channels in Binaries

    Samuel Weiser, Graz University of Technology; Andreas Zankl, Fraunhofer AISEC; Raphael Spreitzer, Graz University of Technology; Katja Miller, Fraunhofer AISEC; Stefan Mangard, Graz University of Technology; Georg Sigl, Fraunhofer AISEC and Technical Univ ...

    admin - December 4, 2021 - 2:30 am

  18. BlackIoT: IoT Botnet of High Wattage Devices Can Disrupt the Power Grid

    Saleh Soltan, Prateek Mittal, and H. Vincent Poor, Princeton University We demonstrate that an Internet of Things (IoT) botnet of high wattage devices–such as air conditioners and heaters–gives a unique ability to adversaries to launch large-scale coordin ...

    admin - December 4, 2021 - 2:30 am

  19. Bamboozling Certificate Authorities with BGP

    paper, we rigorously analyze attacks that an adversary can use to obtain a bogus certificate. We perform ...

    admin - December 4, 2021 - 2:30 am

  20. Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution

    track of research papers, and increasingly also real-world industry applications, take advantage of the ...

    admin - December 4, 2021 - 3:30 am

  21. ACES: Automatic Compartments for Embedded Systems

    Abraham A Clements, Purdue University and Sandia National Labs; Naif Saleh Almakhdhub, Saurabh Bagchi, and Mathias Payer, Purdue University Securing the rapidly expanding Internet of Things (IoT) is critical. Many of these “things” are vulnerable bare-met ...

    admin - December 4, 2021 - 3:30 am

  22. Discovering Flaws in Security-Focused Static Analysis Tools for Android using Systematic Mutation

    confidence among researchers, developers, and users. This paper proposes the Mutation-based soundness ...

    admin - December 4, 2021 - 3:30 am

  23. FlowCog: Context-aware Semantics Extraction and Analysis of Information Flow Leaks in Android Apps

    Xiang Pan, Google Inc./Northwestern University; Yinzhi Cao, The Johns Hopkins University/Lehigh University; Xuechao Du and Boyuan He, Zhejiang University; Gan Fang, Palo Alto Networks; Yan Chen, Zhejiang University/Northwestern University Android apps hav ...

    admin - December 4, 2021 - 3:30 am

  24. Who Is Answering My Queries: Understanding and Characterizing Interception of the DNS Resolution Path

    issues. In this paper, we perform a large-scale analysis of on-path DNS interception and shed light on its ...

    admin - December 4, 2021 - 3:30 am

  25. End-to-End Measurements of Email Spoofing Attacks

    Hang Hu and Gang Wang, Virginia Tech Spear phishing has been a persistent threat to users and organizations, and yet email providers still face key challenges to authenticate incoming emails. As a result, attackers can apply spoofing techniques to imperso ...

    admin - December 4, 2021 - 3:30 am

Pages