Search results

  1. Alternative (ab)uses for HTTP Alternative Services

    Trishita Tiwari and Ari Trachtenberg, Boston University The HTTP Alternative Services header (Alt-Svc) was introduced in 2013 in a bid to streamline load balancing, protocol optimizations, and client segmentation, and it has since been subsequently implem ...

    admin - December 1, 2021 - 5:30 am

  2. MIN()imum Failure: EMFI Attacks against USB Stacks

    of faults in a target device without needing to physically modify the target. This paper uses EMFI to ...

    admin - December 1, 2021 - 5:30 am

  3. Taking a Look into Execute-Only Memory

    adversary to bypass the read-out restrictions. Altogether, the paper shows the insufficient security of the ...

    admin - December 1, 2021 - 5:30 am

  4. Two methods for exploiting speculative control flow hijacks

    Andrea Mambretti, Northeastern University; Alexandra Sandulescu, Matthias Neugschwandtner, Alessandro Sorniotti, and Anil Kurmus, IBM Research- Zurich Touted as the buffer overflows of the age, Spectre and Meltdown have created significant interest around ...

    admin - December 1, 2021 - 5:30 am

  5. Defeating Cisco Trust Anchor: A Case-Study of Recent Advancements in Direct FPGA Bitstream Manipulation

    a TAm protected Cisco router. By combining techniques presented in this paper with other recent ... all Cisco TAms implemented using Xilinx Spartan-6 FPGAs. The TAm exploit described in this paper ...

    admin - December 1, 2021 - 5:30 am

  6. Who Spent My EOS? On the (In)Security of Resource Management of EOS.IO

    Sangsup Lee, Daejun Kim, Dongkwan Kim, Sooel Son, and Yongdae Kim, KAIST EOS is a popular cryptocurrency, whose market cap is over seven billion USD. Its ecosystem operates in the EOS.IO system, which is devised to speed up the slow transaction rate of pr ...

    admin - December 1, 2021 - 5:30 am

  7. Vacuums in the Cloud: Analyzing Security in a Hardened IoT Ecosystem

    mechanisms against tampering with devices and recorded data in the cloud. In this paper, the Neato BotVac ...

    admin - December 1, 2021 - 5:30 am

  8. Artifice: A Deniable Steganographic File System

    Austen Barker, Staunton Sample, Yash Gupta, Anastasia McTaggart, Ethan L. Miller, and Darrell D. E. Long, University of California Santa Cruz The challenge of deniability for sensitive data can be a life or death issue depending on location. Plausible den ...

    admin - December 1, 2021 - 1:30 am

  9. SPINE: Surveillance Protection in the Network Elements

    Trisha Datta, Nick Feamster, Jennifer Rexford, and Liang Wang, Princeton University Internet Protocol (IP) addresses can reveal information about communicating Internet users and devices, even when the rest of the traffic between them is encrypted. At the ...

    admin - December 1, 2021 - 1:30 am

  10. Improving Meek With Adversarial Techniques

    Steven Sheffey and Ferrol Aderholdt, Middle Tennessee State University As the internet becomes increasingly crucial to distributing information, internet censorship has become more pervasive and advanced. Tor aims to circumvent censorship, but adversaries ...

    admin - December 1, 2021 - 1:30 am

  11. Entanglements and Exploits: Sociotechnical Security as an Analytic Framework

    information systems. In this paper we propose a new framework of analysis to meet this challenge, ... participant communities. This exploratory paper offers an overview of sociotechnical systems, explains why ...

    admin - December 1, 2021 - 1:30 am

  12. Measuring I2P Censorship at a Global Scale

    revolves around the trade-off between depth of measurement and breadth of coverage. In this paper, we ...

    admin - December 1, 2021 - 1:30 am

  13. An Efficient Method to Determine which Combination of Keywords Triggered Automatic Filtering of a Message

    Ruohan Xiong and Jeffrey Knockel, Citizen Lab, University of Toronto WeChat, the most popular social media platform in China, has over one billion monthly active users. China-based users of the platform are subject to automatic filtering of chat messages ...

    admin - December 1, 2021 - 1:30 am

  14. On the Importance of Encrypted-SNI (ESNI) to Censorship Circumvention

    (Encrypted-SNI) is proposed for TLS 1.3, aiming at fixing this server name leakage. In this paper, we first ...

    admin - December 1, 2021 - 1:30 am

  15. An Assessment of the Usability of Cybercrime Datasets

    Ildiko Pete and Yi Ting Chua, University of Cambridge Short Preliminary Work Paper Cybersecurity ...

    michele - December 1, 2021 - 6:30 am

  16. Be Sensitive and Collaborative: Analyzing Impact of Coverage Metrics in Greybox Fuzzing

    superior than all the other metrics. In this paper, we report the first systematic study on the impact of ...

    michele - November 30, 2021 - 7:33 am

  17. On Design Inference from Binaries Compiled using Modern C++ Defenses

    information—into the binary, and enforce runtime security policies to assert type integrity. In this paper, we ...

    michele - November 30, 2021 - 7:33 am

  18. DECAF++: Elastic Whole-System Dynamic Taint Analysis

    overheads (when there is no tainted data) or rely on specific hardware features. In this paper, we propose ...

    michele - November 30, 2021 - 8:35 am

  19. Towards a First Step to Understand the Cryptocurrency Stealing Attack on Ethereum

    Zhen Cheng, Zhejiang University; Xinrui Hou, Xidian University; Runhuai Li and Yajin Zhou, Zhejiang University; Xiapu Luo, The Hong Kong Polytechnic University; Jinku Li, Xidian University; Kui Ren, Zhejiang University We performed the first systematic st ...

    michele - November 30, 2021 - 8:35 am

  20. Fingerprinting Tooling used for SSH Compromisation Attempts

    paper, we demonstrate that it is possible to utilize cipher suites and SSH version strings to generate ...

    michele - November 30, 2021 - 8:35 am

  21. Timing Patterns and Correlations in Spontaneous SCADA Traffic for Anomaly Detection

    traffic, so called spontaneous events, is not well-studied. This paper presents a novel approach to ...

    michele - November 30, 2021 - 8:35 am

  22. USBESAFE: An End-Point Solution to Protect Against USB-Based Attacks

    of access control in the USB protocol. In this paper, we propose USBESAFE as a mediator of the USB ...

    michele - November 30, 2021 - 8:35 am

  23. Minimal Kernel: An Operating System Architecture for TEE to Resist Board Level Physical Attacks

    Shijun Zhao, Institute of Software Chinese Academy of Sciences; Qianying Zhang, Capital Normal University Information Engineering College; Yu Qin, Wei Feng, and Dengguo Feng, Institute of Software Chinese Academy of Sciences ARM specifications recommend t ...

    michele - November 30, 2021 - 8:35 am

  24. ScaRR: Scalable Runtime Remote Attestation for Complex Systems

    Flavio Toffalini, Singapore University of Technology and Design; Eleonora Losiouk and Andrea Biondo, University of Padua; Jianying Zhou, Singapore University of Technology and Design; Mauro Conti, University of Padua The introduction of remote attestation ...

    michele - November 30, 2021 - 8:35 am

  25. Toward the Analysis of Embedded Firmware through Automated Re-hosting

    Eric Gustafson, UC Santa Barbara; Marius Muench, EURECOM; Chad Spensky, Nilo Redini, and Aravind Machiry, UC Santa Barbara; Yanick Fratantonio, Davide Balzarotti, and Aurelien Francillon, EURECOM; Yung Ryn Choe, Sandia National Laboratories; Christopher K ...

    michele - November 30, 2021 - 8:35 am

Pages