We’ve reached the end of term again and it’s time for me to take a few weeks off to recharge my brain, reorganise & refill my paper backlog, and get ready for 2018! I’ve been reading and summarising a computer science research paper every weekday for over three years now. The knowledge I’ve gained has …
Month: December 2017
Bolt: anonymous payment channels for decentralized currencies – Part II
Bolt: anonymous payment channels for decentralized currencies Green and Miers et al., CCS’17 Yesterday we spent some time looking at what payment channels are, their role in helping Bitcoin to scale by taking some of the load off of the chain, and some payment channel constructions such as direct channels, indirect channels via an intermediary, …
Bolt: anonymous payment channels for decentralized currencies – part I
Bolt: anonymous payment channels for decentralized currencies Green and Miers et al., CCS’17 In which I tried not to rant. But did end up ranting just a little bit... The world of blockchains and cryptocurrencies seems to be growing at quite a pace. Yesterday we looked at Solidus, which provides confidentiality for transactions taking place …
Solidus: confidential distributed ledger transactions using PVORM
Solidus: confidential distributed ledger transactions via PVORM Cecchetti et al., CCS’17 Tokens on blockchains can be used to represent assets, and the ledger provides trade settlement on-chain. In a straightforward public blockchain, pseudonyms and transaction values are all publicly visible. Uncovering the true identities behind the pseudonyms becomes a real possibility (‘A fistful of Bitcoins’). …
Tail attacks on web applications
Tail attacks on web applications Shan et al., CCS’17 This paper introduces a stealthy DDoS attack on classic n-tier web applications. It is designed to push the tail latency high while simultaneously being very hard to detect using traditional monitoring tools. The attack exploits ‘millibottlenecks’, caused by buffers in the system that fill up …
Economic factors of vulnerability trade and exploitation
Economic factors of vulnerability trade and exploitation Allodi, CCS’17 Today we’re going on a tour inside a prominent Russian cybercrime market, identified in the paper as ‘RuMarket’ (not its real name). The author infiltrated the market using a fake identity, and was subsequently able to collect data on market activities from 2010 to 2017. RuMarket …
Be selfish and avoid dilemmas: fork-after-withholding attacks on Bitcoin
Be selfish and avoid dilemmas: fork-after-withholding (FAW) attacks on Bitcoin Kwon et al., CCS’17 Bitcoin was designed to have no central authority. But power has an amazing way of concentrating. Mining solo is a bit like buying a lottery ticket: a big payoff if you happen to win, but your chances of winning are pretty …
The dynamics of innocent flesh on the bone: code reuse ten years later
The dynamics of innocent flesh on the bone: code reuse ten years later van der Veen et al., CCS’17 It’s been ten years since the publication of “The geometry of innocent flesh on the bone,” the paper that introduced the notion of Return Oriented Programming and the use of gadgets to craft exploits. In the intervening …
Hindsight: understanding the evolution of UI vulnerabilities in mobile browsers
Hindsight: understanding the evolution of UI vulnerabilities in mobile browsers Luo et al., CCS’17 Towards the end of last year, browsing on mobile devices overtook browsing on the desktop. And so when we think about mobile security, in addition to thinking about malicious applications, we also need to start thinking much more seriously about mobile …
ffwd: delegation is (much) faster than you think
ffwd: delegation is (much) faster than you think Roghanchi et al., SOSP’17 (Note: the paper link above should give you access to this paper in the ACM DL when accessed from The Morning Paper blog. If you’re subscribed via email and don’t otherwise have access, you might need to go via the blog site to …