- research-article, December 2020
Workflow Integration Alleviates Identity and Access Management in Serverless Computing
ACSAC '20: Proceedings of the 36th Annual Computer Security Applications Conference, Pages 496–509, https://doi.org/10.1145/3427228.3427665
As serverless computing continues to revolutionize the design and deployment of web services, it has become an increasingly attractive target to attackers. These adversaries are developing novel tactics for circumventing the ephemeral nature of ...
- research-article, December 2020
DPIFuzz: A Differential Fuzzing Framework to Detect DPI Elusion Strategies for QUIC
ACSAC '20: Proceedings of the 36th Annual Computer Security Applications Conference, Pages 332–344, https://doi.org/10.1145/3427228.3427662
QUIC is an emerging transport protocol that has the potential to replace TCP in the near future. As such, QUIC will become an important target for Deep Packet Inspection (DPI). Reliable DPI is essential, e.g., for corporate environments, to monitor ...
- Article, December 2020
Up2Dep: Android Tool Support to Fix Insecure Code Dependencies
ACSAC '20: Proceedings of the 36th Annual Computer Security Applications Conference, Pages 263–276, https://doi.org/10.1145/3427228.3427658
Third-party libraries, especially outdated versions, can introduce and multiply security & privacy related issues to Android applications. While prior work has shown the need for tool support for developers to avoid libraries with security problems, no ...
- research-article, December 2020
HeapExpo: Pinpointing Promoted Pointers to Prevent Use-After-Free Vulnerabilities
ACSAC '20: Proceedings of the 36th Annual Computer Security Applications Conference, Pages 454–465, https://doi.org/10.1145/3427228.3427645
Use-after-free (UAF) vulnerabilities, in which dangling pointers remain after memory is released, remain a persistent problem for applications written in C and C++. In order to protect legacy code, prior work has attempted to track pointer propagation ...
- research-article, December 2020
GuardSpark++: Fine-Grained Purpose-Aware Access Control for Secure Data Sharing and Analysis in Spark
ACSAC '20: Proceedings of the 36th Annual Computer Security Applications Conference, Pages 582–596, https://doi.org/10.1145/3427228.3427640
With the development of computing and communication technologies, an extremely large amount of data has been collected, stored, utilized, and shared, while new security and privacy challenges arise. Existing platforms do not provide flexible and practical ...
- research-article, December 2020
Guide Me to Exploit: Assisted ROP Exploit Generation for ActionScript Virtual Machine
ACSAC '20: Proceedings of the 36th Annual Computer Security Applications Conference, Pages 386–400, https://doi.org/10.1145/3427228.3427568
Automatic exploit generation (AEG) is the challenge of determining the exploitability of a given vulnerability by exploring all possible execution paths that can result from triggering the vulnerability. Since typical AEG implementations might need to ...
- research-article, December 2020
FPSelect: Low-Cost Browser Fingerprints for Mitigating Dictionary Attacks against Web Authentication Mechanisms
ACSAC '20: Proceedings of the 36th Annual Computer Security Applications Conference, Pages 627–642, https://doi.org/10.1145/3427228.3427297
Browser fingerprinting consists in collecting attributes from a web browser. Hundreds of attributes have been discovered through the years. Each one of them provides a way to distinguish browsers, but also comes with a usability cost (e.g., ...
- research-article, December 2020
Efficient Oblivious Substring Search via Architectural Support
ACSAC '20: Proceedings of the 36th Annual Computer Security Applications Conference, Pages 526–541, https://doi.org/10.1145/3427228.3427296
Performing private and efficient searches over encrypted outsourced data enables a flourishing growth of cloud based services managing sensitive data as the genomic, medical and financial ones. We tackle the problem of building an efficient indexing ...
- research-article, December 2020
Dragonblood is Still Leaking: Practical Cache-based Side-Channel in the Wild
ACSAC '20: Proceedings of the 36th Annual Computer Security Applications Conference, Pages 291–303, https://doi.org/10.1145/3427228.3427295
Recently, the Dragonblood attacks have attracted new interests on the security of WPA-3 implementation and in particular on the Dragonfly code deployed on many open-source libraries. One attack concerns the protection of users' passwords during ...
- research-article, December 2020
Reboot-Oriented IoT: Life Cycle Management in Trusted Execution Environment for Disposable IoT devices
ACSAC '20: Proceedings of the 36th Annual Computer Security Applications Conference, Pages 428–441, https://doi.org/10.1145/3427228.3427293
Many IoT devices are geographically distributed without human administrators, which are maintained by a remote server to enforce security updates, ideally through machine-to-machine (M2M) management. However, malware often terminates the remote control ...
- research-article, December 2020
Security Study of Service Worker Cross-Site Scripting.
ACSAC '20: Proceedings of the 36th Annual Computer Security Applications Conference, Pages 643–654, https://doi.org/10.1145/3427228.3427290
Nowadays, modern websites are utilizing service workers to provide users with app-like functionalities such as offline mode and push notifications. To handle such features, the service worker is equipped with special privileges including HTTP traffic ...
- research-article, December 2020
Voicefox: Leveraging Inbuilt Transcription to Enhance the Security of Machine-Human Speaker Verification against Voice Synthesis Attacks
ACSAC '20: Proceedings of the 36th Annual Computer Security Applications Conference, Pages 870–883, https://doi.org/10.1145/3427228.3427289
In this paper, we propose Voicefox, a defense against the threat of automated voice synthesis attacks in machine-based and human-based speaker verification applications. Voicefox is based on a hitherto undiscovered potential of speech-to-text ...
- research-article, December 2020
Betrayed by the Guardian: Security and Privacy Risks of Parental Control Solutions
ACSAC '20: Proceedings of the 36th Annual Computer Security Applications Conference, Pages 69–83, https://doi.org/10.1145/3427228.3427287
For parents of young children and adolescents, the digital age has introduced many new challenges, including excessive screen time, inappropriate online content, cyber predators, and cyberbullying. To address these challenges, many parents rely on ...
- research-article, December 2020
CAPS: Smoothly Transitioning to a More Resilient Web PKI
ACSAC '20: Proceedings of the 36th Annual Computer Security Applications Conference, Pages 655–668, https://doi.org/10.1145/3427228.3427284
Many recent proposals to increase the resilience of the Web PKI against misbehaving CAs face significant obstacles to deployment. These hurdles include (1) the requirement of drastic changes to the existing PKI players and their interactions, (2) the ...
- research-article, December 2020
Towards Realistic Membership Inferences: The Case of Survey Data
ACSAC '20: Proceedings of the 36th Annual Computer Security Applications Conference, Pages 116–128, https://doi.org/10.1145/3427228.3427282
We consider the problem of membership inference attacks on aggregate survey data through the use of several real-world datasets and a published study as a model for the survey. We apply membership inference attacks from the literature, and discover that ...
- research-article, December 2020
IvoriWatch: Exploring Transparent Integrity Verification of Remote User Input Leveraging Wearables
ACSAC '20: Proceedings of the 36th Annual Computer Security Applications Conference, Pages 706–716, https://doi.org/10.1145/3427228.3427279
Several sensitive operations, such as financial transactions, email construction, configurations of safety-critical devices (e.g., medical devices or smart home systems), are often performed via web interfaces from a host machine, usually a desktop or ...
- research-article, December 2020
Understanding User Perceptions of Security and Privacy for Group Chat: A Survey of Users in the US and UK
ACSAC '20: Proceedings of the 36th Annual Computer Security Applications Conference, Pages 234–248, https://doi.org/10.1145/3427228.3427275
Secure messaging tools are an integral part of modern society. While there is a significant body of secure messaging research generally, there is a lack of information regarding users’ security and privacy perceptions and requirements for secure group ...
- research-article, December 2020
Spotlight: Malware Lead Generation at Scale
Fabian Kaczmarczyck, Bernhard Grill, Luca Invernizzi, Jennifer Pullman, Cecilia M. Procopiuc, David Tao, Borbala Benko, Elie Bursztein
ACSAC '20: Proceedings of the 36th Annual Computer Security Applications Conference, Pages 17–27, https://doi.org/10.1145/3427228.3427273
Malware is one of the key threats to online security today, with applications ranging from phishing mailers to ransomware and trojans. Due to the sheer size and variety of the malware threat, it is impractical to combat it as a whole. Instead, ...
- research-article, December 2020
On the Forensic Validity of Approximated Audit Logs
ACSAC '20: Proceedings of the 36th Annual Computer Security Applications Conference, Pages 189–202, https://doi.org/10.1145/3427228.3427272
Auditing is an increasingly essential tool for the defense of computing systems, but the unwieldy nature of log data imposes significant burdens on administrators and analysts. To address this issue, a variety of techniques have been proposed for ...
- research-article, December 2020
Effect of Security Controls on Patching Window: A Causal Inference based Approach
ACSAC '20: Proceedings of the 36th Annual Computer Security Applications Conference, Pages 556–566, https://doi.org/10.1145/3427228.3427271
In many organisations there are up to 15 security controls that help defenders accurately identify and prioritise information security risks. Due to the lack of clarity into the effectiveness and capabilities of these defences, and poor visibility to ...