- poster, March 2018
CSP & Co. Can Save Us from a Rogue Cross-Origin Storage Browser Network! But for How Long?
CODASPY '18: Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy, Pages 170–172, https://doi.org/10.1145/3176258.3176951
We introduce a new browser abuse scenario where an attacker uses local storage capabilities without the website's visitor knowledge to create a network of browsers for persistent storage and distribution of arbitrary data. We describe how security-aware ...
- poster, March 2018
Privacy-aware Data Assessment of Online Social Network Registration Processes
CODASPY '18: Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy, Pages 167–169, https://doi.org/10.1145/3176258.3176950
Privacy and security research has been very active concerning online social networks (OSN) as a vast amount of personal information is used and published (by users) within OSNs. However, most people do not pay attention on what personal information they ...
- poster, March 2018
SeCore: Continuous Extrospection with High Visibility on Multi-core ARM Platforms
CODASPY '18: Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy, Pages 161–163, https://doi.org/10.1145/3176258.3176948
We present SeCore, which is a novel continuous extrospection system on multi-core ARM platform. SeCore leverages ARM TrustZone technology to keep one core in the secure world and assure the integrity of the static kernel data and code in the normal ...
- poster, March 2018
Misusing Sensory Channel to Attack Industrial Control Systems
CODASPY '18: Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy, Pages 158–160, https://doi.org/10.1145/3176258.3176947
Industrial control systems (ICS) are used to control and manage critical infrastructures and protecting these complex system and their interfaces, which can be exploited by internal and external attackers, are a vital security task. Sensors, as an ...
- poster, March 2018
Secure Display for FIDO Transaction Confirmation
CODASPY '18: Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy, Pages 155–157, https://doi.org/10.1145/3176258.3176946
FIDO protocols enable online services to leverage native authenticators of end-user computing devices including fingerprint readers for authentication to replace or complement passwords. FIDO protocols also offer support for prompting a user to confirm ...
- poster, March 2018
AEON: Android Encryption based Obfuscation
CODASPY '18: Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy, Pages 146–148, https://doi.org/10.1145/3176258.3176943
Android applications are vulnerable to reverse engineering which could result in tampering and repackaging of applications. Even though there are many off the shelf obfuscation tools that hardens Android applications, they are limited to basic ...
- poster, March 2018
Effectiveness of Android Obfuscation on Evading Anti-malware
CODASPY '18: Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy, Pages 143–145, https://doi.org/10.1145/3176258.3176942
Obfuscation techniques have been conventionally used for legitimate applications, including preventing application reverse engineering, tampering and protecting intellectual property. A malware author could also leverage these benign techniques to hide ...
- keynote, March 2018
Code Obfuscation: Why is This Still a Thing?
CODASPY '18: Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy, Pages 173–174, https://doi.org/10.1145/3176258.3176342
Early developments in code obfuscation were chiefly motivated by the needs of Digital Rights Management (DRM). Other suggested applications included intellectual property protection of software and code diversification to combat the monoculture problem ...
- short-paper, March 2018
Keyboard Emanations in Remote Voice Calls: Password Leakage and Noise(less) Masking Defenses
CODASPY '18: Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy, Pages 103–110, https://doi.org/10.1145/3176258.3176341
Keyboard acoustic side channel attacks to date have been mostly studied in the context of an adversary eavesdropping on keystrokes by placing a listening device near the intended victim creating a local eavesdropping scenario. However, being in close ...
- short-paper, March 2018
Identifying Relevant Information Cues for Vulnerability Assessment Using CVSS
CODASPY '18: Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy, Pages 119–126, https://doi.org/10.1145/3176258.3176340
The assessment of new vulnerabilities is an activity that accounts for information from several data sources and produces a 'severity' score for the vulnerability. The Common Vulnerability Scoring System (CVSS) is the reference standard for this ...
- short-paper, March 2018
Automated Generation of Attack Graphs Using NVD
CODASPY '18: Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy, Pages 135–142, https://doi.org/10.1145/3176258.3176339
Today's computer networks are prone to sophisticated multi-step, multi-host attacks. Common approaches of identifying vulnerabilities and analyzing the security of such networks with naive methods such as counting the number of vulnerabilities, or ...
- short-paper, March 2018
An Empirical Study on Online Price Differentiation
CODASPY '18: Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy, Pages 76–83, https://doi.org/10.1145/3176258.3176338
Price differentiation describes a marketing strategy to determine the price of goods on the basis of a potential customer's attributes like location, financial status, possessions, or behavior. Several cases of online price differentiation have been ...
- short-paper, March 2018
SPEED: Secure Provable Erasure for Class-1 IoT Devices
CODASPY '18: Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy, Pages 111–118, https://doi.org/10.1145/3176258.3176337
The Internet of Things (IoT) consists of embedded devices that sense and manage our environment in a growing range of applications. Large-scale IoT systems such as smart cities require significant investment in both equipment and personnel. To maximize ...
- short-paper, March 2018
SCLib: A Practical and Lightweight Defense against Component Hijacking in Android Applications
CODASPY '18: Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy, Pages 299–306, https://doi.org/10.1145/3176258.3176336
Cross-app collaboration via inter-component communication is a fundamental mechanism on Android. Although it brings the benefits such as functionality reuse and data sharing, a threat called component hijacking is also introduced. By hijacking a ...
- short-paper, March 2018
Malware Analysis of Imaged Binary Samples by Convolutional Neural Network with Attention Mechanism
CODASPY '18: Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy, Pages 127–134, https://doi.org/10.1145/3176258.3176335
This paper presents a proposal of a method to extract important byte sequences in malware samples to reduce the workload of human analysts who investigate the functionalities of the samples. This method, by applying convolutional neural network (CNN) ...
- short-paper, March 2018
IoTVerif: An Automated Tool to Verify SSL/TLS Certificate Validation in Android MQTT Client Applications
CODASPY '18: Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy, Pages 95–102, https://doi.org/10.1145/3176258.3176334
Developing secure Internet of Things (IoT) applications that are free of vulnerabilities and resilient against exploit is desirable for software developers and testers. In this paper, we present IoTVerif, an automated tool that can verify SSL/TLS (...
- short-paper, March 2018
The Next Domino to Fall: Empirical Analysis of User Passwords across Online Services
CODASPY '18: Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy, Pages 196–203, https://doi.org/10.1145/3176258.3176332
Leaked passwords from data breaches can pose a serious threat if users reuse or slightly modify the passwords for other services. With more services getting breached today, there is still a lack of a quantitative understanding of this risk. In this ...
- short-paper, March 2018
Efficient Authorization of Graph Database Queries in an Attribute-Supporting ReBAC Model
CODASPY '18: Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy, Pages 204–211, https://doi.org/10.1145/3176258.3176331
Neo4j is a popular graph database that offers two versions; a paid enterprise edition and a free community edition. The enterprise edition offers customizable Role-Based Access Control (RBAC) features through custom developed procedures, while the ...
- short-paper, March 2018
Fidelius Charm: Isolating Unsafe Rust Code
CODASPY '18: Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy, Pages 248–255, https://doi.org/10.1145/3176258.3176330
The Rust programming language has a safe memory model that promises to eliminate critical memory bugs. While the language is strong in doing so, its memory guarantees are lost when any unsafe blocks are used. Unsafe code is often needed to call library ...