Detecting ROP with statistical learning of program characteristics

Detecting ROP with statistical learning of program characteristics, Elsabagh et al., CODASPY '17. Return-oriented programming (ROP) attacks work by finding short instruction sequences in a process' executable memory (called gadgets) and chaining them together to achieve some goal of the attacker. For a quick introduction to ROP, see "The geometry of innocent flesh on the …

The curious case of the PDF converter that likes Mozart

The curious case of the PDF converter that likes Mozart: dissecting and mitigating the privacy risk of personal cloud apps, Harkous et al., PoPET '16. This is the paper that preceded "If you can't beat them, join them" we looked at yesterday, and well worth interrupting our coverage of CODASPY '17 for. Harkous et al., …

If you can’t beat them, join them: a usability approach to interdependent privacy in cloud apps

If you can't beat them, join them: a usability approach to interdependent privacy in cloud apps, Harkous & Aberer, CODASPY '17. I'm quite used to thinking carefully about permissions before installing a Chrome browser extension (they all seem to want permission to see absolutely everything - no thank you!). A similar issue comes up with …

A study of security vulnerabilities on Docker Hub

A study of security vulnerabilities on Docker Hub, Shu et al., CODASPY '17. This is the first of five papers we'll be looking at this week from the ACM Conference on Data and Application Security and Privacy, which took place earlier this month. Today's choice is a study looking at image vulnerabilities for container images …