Consequences of Compliance: The CrowdStrike Outage of 19 July 2024
Taking stock of the largest digital systems outage in history
Authors: Laura Nolan
Article shepherded by: Rik Farrow
Fuzzing BusyBox: Leveraging LLM and Crash Reuse for Embedded Bug Unearthing
Using LLMs to create seeds for fuzzing IoT binaries works well, as does keeping track of crashes occurring during the fuzzing of similar binaries.
Authors: Asmita, Yaroslav Oliinyk, Michael Scott, Ryan Tsang, Chongzhou Fang, Houman Homayoun
Article shepherded by: Rik Farrow
Choose One: Android Performance or Security!
Memory safety security mitigations on Android are undermined by its performance-driven system architecture, affecting even the newly introduced hardened memory allocator.
Authors: Philipp Mao, Mathias Payer
Article shepherded by: Rik Farrow
Data-Only Attacks Are Easier than You Think
Once considered too sophisticated and niche to pose a practical threat, data-only attacks can now be generated automatically with surprising ease.
Authors: Brian Johannesmeyer, Herbert Bos, Cristiano Giuffrida, Asia Slowinska
Article shepherded by: Rik Farrow
An Empirical Study of Rust-for-Linux: The Success, Dissatisfaction, and Compromise
Rust-for-Linux may not be as safe as it seems. We examine current experiences including performance Rust-for-Linux.
Authors: Hongyu Li, Liwei Guo, Yexuan Yang, Shangguang Wang, Mengwei Xu
Article shepherded by: Rik Farrow
Interview with Arnold Robbins
Arnold Robbins has been the maintainer of gawk for over three decades; he has also written or revised more than ten books related to Unix systems.
Authors: Rik Farrow, Arnold Robbins
Article shepherded by: Rik Farrow
Understanding and Improving Web Application Fingerprinting with WASABO
Web application fingerprinting tools can help both defenders and attackers. But how well do they actually work? We tested them in the lab and in the wild.
Authors: Nick Nikiforakis, Brian Kondracki
Article shepherded by: Rik Farrow
Telescope: Profiling Memory Access Patterns at the Terabyte-scale
Telescope is a new memory access profiling tool that can detect access patterns for terabytes-large working sets quickly, precisely and at low overheads.
Authors: Alan Nair, Sandeep Kumar, Aravinda Prasad
Article shepherded by: Rik Farrow
Anvil: Building Kubernetes Controllers That Do Not Break
Anvil is a set of tools used to prove the correctness of container controllers like Kubernetes, and includes several proven-correct examples of controllers.
Authors: Xudong Sun, Jiawei Tyler Gu, Cody Rivera, Tej Chajed, Jon Howell, Andrea Lattuada, Oded Padon, Lalith Suresh, Adriana Szekeres, Tianyin Xu
Article shepherded by: Rik Farrow
SIEVE: Cache eviction can be simple, effective, and scalable
SIEVE is a new cache eviction algorithm featuring the simplicity of FIFO with state-of-the-art performance; we describe how SIEVE works and why it's better.
Authors: Juncheng Yang, Yazhuo Zhang, Yao Yue, Ymir Vigfusson, Rashmi Vinayak
Article shepherded by: Rik Farrow
NSDI'24 Test-of-Time Award: Header Space Analysis
With almost 1,000 cites, Peyman Kazmian's NSDI'12 paper remains popular and has lead to the forming of a company.
Authors: Rik Farrow, Peyman Kazemian
Article shepherded by: Rik Farrow
Computer Architecture
A well-written and easy-to-read book that will be helpful to anyone interested in modern computer architectures.
Authors: Rik Farrow
Article shepherded by: Rik Farrow
Hunting for Risky Dependencies
With the rise of microservices and complex systems, service owners are less aware of the critical user journeys depending on their systems.
Authors: Theo Klein, Jennifer Klein
Article shepherded by: Rik Farrow
Understanding the Workload Characteristics of Large Language Model Development
We present an in-depth characterization study of a six-month LLM development workload trace collected from our GPU datacenter Acme of Shanghai AI Laboratory.
Authors: Qinghao Hu, Peng Sun, Tianwei Zhang
Article shepherded by: Rik Farrow
AppStack: An Agile Platform for Running Digital Public Services
Authors: Dimitris Mitropoulos, Georgios Tsoukalas
Article shepherded by: Rik Farrow
Interview with Gary McGraw
McGraw has a long history in both AI and security. In this interview, McGraw debunks myths about LLM security and how people think about LLMs.
Authors: Gary McGraw, Rik Farrow
Article shepherded by: Rik Farrow
You Cannot Escape Me: Detecting Evasions of SIEM Rules in Enterprise Networks
We show that threat detection in enterprise networks suffers from blind spots through SIEM rule evasion and present a mitigation called Adaptive Misuse Detection.
Authors: Louis Hackländer-Jansen, Marco Herzog, Rafael Uetz
Article shepherded by: Rik Farrow
Code is not Natural Language: Unlock the Power of Semantics-Oriented Graph Representation for Binary Code Similarity Detection
The best binary code similarity detection have treated code as if it were natural language; our solution creates semantic representations of code for feeding into ML and is better.
Authors: Haojie He, Ziang Weng, Libo Chen
Article shepherded by: Rik Farrow
