While traveling through Europe, I logged into my Expedia.com account and something odd happened: instead of being logged in, the Expedia system decided to redirect me to Expedia.ch and created a new account. Oddly, it copied all my credit card details, account information, frequent traveller details, and individual …read more
Installing printers can be a pain. Installing printers on Linux results in an even bigger pain. Installing printers with wrong and crappy drivers and no open-source alternative is an endless amount of pain.
Kudos to Canon for hitting the trifecta.
So I've set out to get the drivers for my …read more
Software contains bugs and some bugs are exploitable. Mitigations protect our systems in the presence of these vulnerabilities, often stopping the program when detecting a security violation. The alternative is to discover bugs during development and fixing them in the code. Despite massive efforts, finding and reproducing bugs is incredibly …read more
Side channel attacks such as Spectre or Meltdown allow data leakage from an unwilling process. Until now, transient execution side channel attacks primarily leveraged cache-based side channels to leak information. The very purpose of a cache, that of providing faster access to a subset of data, enables information leakage. While …read more
On one hand, GPUs expose broad functionality for graphics and machine learning workloads, on the other hand, this functionality may be exploited due to large amounts of unvetted code, complex functionality, and the information gap between user-space application, kernel, and the auxiliary GPU. We introduce a novel framework that allows …read more
With the rise of strong control-flow defenses such as Control-Flow Integrity (CFI), attackers will increasingly resort to data-only attacks that can be equally powerful. Earlier research demonstrated that data-only attacks can be as devastating as control-flow hijacking attacks. So far, constructing data-only attacks was cumbersome and required deep manual analysis …read more
This post started out of the need to provide a little more clarification after a long and heated discussions on Twitter (initial discussion and follow up) about the origins of Control-Flow Integrity (CFI), the contributions of academia, and the precision, performance, and compatibility of different existing implementations.
CFI is a …read more
Assuming you have given everything to write the best and most beautiful paper you can ever create, it is obvious that the reviewers must see your points and therefore write you a favorable review with a recommendation of strong accept. Unfortunately, this is not always the case and reviewers may …read more
After serious advertising of the NSF TTP program at several conferences throughout last year, I've decided to submit to the NSF TTP program last fall. The NSF TTP program is supposed to help transition research into practice, either by forming a company to commercialize a prototype or by developing a …read more
Page 1 / 8 »