The password reset MitM attack Gelernter et al., IEEE Security and Privacy 2017 The Password Reset Man-in-the-Middle (PRMitM) attack is really very simple, but that doesn't mean it's not dangerous. It involves persuading the user to sign up for an account for some service under the attacker's control (maybe there's an enticing free download for example), …
How they did it: an analysis of emission defeat devices in modern automobiles Contag et al., IEEE Security and Privacy 2017 We'll be looking at a selection of papers from the IEEE Security and Privacy 2017 conference over the next few days, starting with this wonderful teardown of the defeat devices used by Volkswagen …
Hardware is the new software Baumann, HotOS'17 This is a very readable short paper that sheds an interesting light on what's been happening with the Intel x86 instruction set architecture (ISA) of late. We're seeing a sharp rise in the number and complexity of extensions, with some interesting implications for systems researchers (and for Intel!). …
Why your encrypted database is not secure Grubbs et al., HotOS'17 This is the third paper we've looked at so far in The Morning Paper on the topic of encrypted databases. The clear takeaway for me is that practical, provable security guarantees are very hard to deliver! Don't confuse better protection with unbreakable protection, and …
Gray failure: the Achilles' heel of cloud-scale systems Huang et al., HotOS'17 If you're going to fail, fail properly dammit! All this limping along in degraded mode, doing your best to mask problems, turns out to be one of the key causes of major availability breakdowns and performance anomalies in cloud-scale systems. Today's HotOS'17 paper …
System programming in Rust: beyond safety Balasubramanian et al., HotOS'17 Balasubramanian et al. want us to switch all of our systems programming over to Rust. This paper sets out the case. Despite many advances in programming languages, clean-slate operating systems, hypervisors, key-value stores, web servers, network and storage frameworks are still developed in C, a …
A dissection of the test-driven development process: does it really matter to test-first or to test-last? Fucci et al., ICSE'17 Here we have a study with a really interesting aim - to find out which aspects of TDD are most significant when it comes to developer productivity and code quality. What we'd really love to …