End of term

We’ve reached the end of term again and it’s time for me to take a few weeks off to recharge my brain, reorganise & refill my paper backlog, and get ready for 2018! I’ve been reading and summarising a computer science research paper every weekday for over three years now. The knowledge I’ve gained has ... Continue Reading

Solidus: confidential distributed ledger transactions using PVORM

Solidus: confidential distributed ledger transactions via PVORM Cecchetti et al., CCS’17 Tokens on blockchains can be used to represent assets, and the ledger provides trade settlement on-chain. In a straightforward public blockchain, pseudonyms and transaction values are all publicly visible. Uncovering the true identities behind the pseudonyms becomes a real possibility (‘A fistful of Bitcoins’). ... Continue Reading

Tail attacks on web applications

Tail attacks on web applications Shan et al., CCS’17 This paper introduces a stealthy DDoS attack on classic n-tier web applications. It is designed to push the tail latency high while simultaneously being very hard to detect using traditional monitoring tools. The attack exploits ‘millibottlenecks’ — caused by buffers in the system that fill up ... Continue Reading

Hindsight: understanding the evolution of UI vulnerabilities in mobile browsers

Hindsight: understanding the evolution of UI vulnerabilities in mobile browsers Luo et al., CCS’17 Towards the end of last year, browsing on mobile devices overtook browsing on the desktop. And so when we think about mobile security, in addition to thinking about malicious applications, we also need to start thinking much more seriously about mobile ... Continue Reading