Search results
-
A different cup of TI? The added value of commercial threat intelligence
organizations due to its hefty price tag. This paper presents the first empirical assessment of the services of ...admin - November 28, 2021 - 12:48 am
-
Walking Onions: Scaling Anonymity Networks while Protecting Users
Chelsea H. Komlo, University of Waterloo; Nick Mathewson, The Tor Project; Ian Goldberg, University of Waterloo Scaling anonymity networks offers unique security challenges, as attackers can exploit differing views of the network's topology to perfor ...admin - November 28, 2021 - 12:48 am
-
CopyCat: Controlled Instruction-Level Attacks on Enclaves
Daniel Moghimi, Worcester Polytechnic Institute; Jo Van Bulck, KU Leuven; Nadia Heninger, University of California, San Diego, CA, USA; Frank Piessens, KU Leuven; Berk Sunar, Worcester Polytechnic Institute The adversarial model presented by trusted execu ...admin - November 28, 2021 - 12:48 am
-
Drift with Devil: Security of Multi-Sensor Fusion based Localization in High-Level Autonomous Driving under GPS Spoofing
Junjie Shen, Jun Yeon Won, Zeyuan Chen, and Qi Alfred Chen, University of California, Irvine For high-level Autonomous Vehicles (AV), localization is highly security and safety critical. One direct threat to it is GPS spoofing, but fortunately, AV systems ...admin - November 28, 2021 - 12:48 am
-
Horizontal Privilege Escalation in Trusted Applications
Darius Suciu, Stony Brook University; Stephen McLaughlin and Laurent Simon, Samsung Research America; Radu Sion, Stony Brook University Trusted Execution Environments (TEEs) use hardware-based isolation to guard sensitive data from conventional monolithic ...admin - November 28, 2021 - 12:48 am
-
Preech: A System for Privacy-Preserving Speech Transcription
real-world use cases. In this paper, we propose Prεεch, an end-to-end speech transcription system which lies ...admin - November 28, 2021 - 12:48 am
-
Pancake: Frequency Smoothing for Encrypted Data Stores
Rachit Agarwal, Cornell University; Thomas Ristenpart, Cornell Tech Distinguished Paper Award Winner We ...admin - November 28, 2021 - 1:49 am
-
Hall Spoofing: A Non-Invasive DoS Attack on Grid-Tied Solar Inverter
"Pandora's Box" of unknown threats that could come from very unconventional ways. This paper ...admin - November 28, 2021 - 1:49 am
-
Poison Over Troubled Forwarders: A Cache Poisoning Attack Targeting DNS Forwarding Devices
be more vulnerable devices in the DNS infrastructure. In this paper, we present a cache poisoning ...admin - November 28, 2021 - 1:49 am
-
Everything Old is New Again: Binary Security of WebAssembly
languages can translate to vulnerabilities in WebAssembly binaries. In this paper, we analyze to what extent ...admin - November 28, 2021 - 1:49 am
-
SkillExplorer: Understanding the Behavior of Skills in Large Scale
of natural languages. In this paper, we propose the first systematic study on behaviors of skills, ...admin - November 28, 2021 - 1:49 am
-
Sys: A Static/Symbolic Tool for Finding Good Bugs in Good (Browser) Code
Fraser Brown, Stanford University; Deian Stefan, UC San Diego; Dawson Engler, Stanford University We describe and evaluate an extensible bug-finding tool, Sys, designed to automatically find security bugs in huge codebases, even when easy-to-find bugs hav ...admin - November 28, 2021 - 1:49 am
-
From Control Model to Program: Investigating Robotic Aerial Vehicle Accidents with MAYDAY
Taegyu Kim, Purdue University; Chung Hwan Kim, University of Texas at Dallas; Altay Ozen, Fan Fei, Zhan Tu, Xiangyu Zhang, Xinyan Deng, Dave (Jing) Tian, and Dongyan Xu, Purdue University With wide adoption of robotic aerial vehicles (RAVs), their acciden ...admin - November 28, 2021 - 2:51 am
-
Shattered Chain of Trust: Understanding Security Risks in Cross-Cloud IoT Access Delegation
environments. In this paper, we report the first systematic study on real-world IoT access delegation, based upon ...admin - November 28, 2021 - 2:51 am
-
Differentially-Private Control-Flow Node Coverage for Software Usage Analysis
Hailong Zhang, Sufian Latif, Raef Bassily, and Atanas Rountev, The Ohio State University There are significant privacy concerns about the collection of usage data from deployed software. We propose a novel privacy-preserving solution for a problem of cent ...admin - November 28, 2021 - 2:51 am
-
USBFuzz: A Framework for Fuzzing USB Drivers by Device Emulation
Hui Peng, Purdue University; Mathias Payer, EPFL The Universal Serial Bus (USB) connects external devices to a host. This interface exposes the OS kernels and device drivers to attacks by malicious devices. Unfortunately, kernels and drivers were develope ...admin - November 28, 2021 - 2:51 am
-
The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S. Federal Elections
Michael A. Specter, James Koppel, and Daniel Weitzner, MIT In the 2018 midterm elections, West Virginia became the first state in the U.S. to allow select voters to cast their ballot on a mobile phone via a proprietary app called “Voatz.” Although there i ...admin - November 28, 2021 - 2:51 am
-
MUZZ: Thread-aware Grey-box Fuzzing for Effective Bug Hunting in Multithreaded Programs
Hongxu Chen, University of Science and Technology of China and Nayang Technological University; Shengjian Guo, Baidu Security; Yinxing Xue, University of Science and Technology of China; Yulei Sui, University of Technology Sydney; Cen Zhang and Yuekang Li ...admin - November 28, 2021 - 2:51 am
-
TXSPECTOR: Uncovering Attacks in Ethereum from Transactions
detecting vulnerabilities in the smart contract bytecode, few have focused on transactions. In this paper ...admin - November 28, 2021 - 2:51 am
-
Secure Multi-party Computation of Differentially Private Median
Jonas Böhler, SAP Security Research; Florian Kerschbaum, University of Waterloo In this work, we consider distributed private learning. For this purpose, companies collect statistics about telemetry, usage and frequent settings from their users without di ...admin - November 28, 2021 - 2:51 am
-
PhishTime: Continuous Longitudinal Measurement of the Effectiveness of Anti-phishing Blacklists
Adam Oest, Yeganeh Safaei, and Penghui Zhang, Arizona State University; Brad Wardman and Kevin Tyers, PayPal; Yan Shoshitaishvili and Adam Doupé, Arizona State University; Gail-Joon Ahn, Arizona State University, Samsung Research Due to their ubiquity in ...admin - November 28, 2021 - 2:51 am
-
Breaking Secure Pairing of Bluetooth Low Energy Using Downgrade Attacks
framework should implement this mode. In this paper we show that the BLE programming framework of the ...admin - November 28, 2021 - 3:53 am
-
Stolen Memories: Leveraging Model Memorization for Calibrated White-Box Membership Inference
Klas Leino and Matt Fredrikson, Carnegie Mellon University Membership inference (MI) attacks exploit the fact that machine learning algorithms sometimes leak information about their training data through the learned model. In this work, we study membershi ...admin - November 28, 2021 - 3:53 am
-
Droplet: Decentralized Authorization and Access Control for Encrypted Data Streams
ETH Zurich & UC Berkeley This paper presents Droplet, a decentralized data access control service. ... a decentralized authorization service that serves user-defined access policies. In this paper, we present ...admin - November 28, 2021 - 3:53 am
-
DatashareNetwork: A Decentralized Privacy-Preserving Search Engine for Investigative Journalists
Kasra Edalatnejad and Wouter Lueks, EPFL; Julien Pierre Martin; Soline Ledésert, Anne L'Hôte, and Bruno Thomas, ICIJ; Laurent Girod and Carmela Troncoso, EPFL Investigative journalists collect large numbers of digital documents during their investiga ...admin - November 28, 2021 - 3:53 am