When coding style survives compilation: de-anonymizing programmers from executable binaries

March 16, 2018 ~ Adrian Colyer ~ 13 Comments

When coding style survives compilation: de-anonymizing programmers from executable binaries Caliskan et al., NDSS’18 As a programmer you have a unique style, and stylometry techniques can be used to fingerprint your style and determine with high probability whether or not a piece of code was written by you. That makes a degree of intuitive sense ... Continue Reading

Exposing congestion attack on emerging connected vehicle based traffic signal control

March 15, 2018 ~ Adrian Colyer ~ 5 Comments

Exposing congestion attack on emerging connected vehicle based signal traffic signal control Chen et al., NDSS’18 I selected this paper as a great case study on the need to consider adversarial scenarios when deploying IoT and smart city systems. It was also an eye opener to me just how quickly the U.S. Department of Transport ... Continue Reading

Game of missuggestions: semantic analysis of search autocomplete manipulation

March 14, 2018 ~ Adrian Colyer ~ 5 Comments

Game of missuggestions: semantic analysis of search autocomplete manipulations Wang et al., NDSS’18 Maybe I’ve been pretty naive here, but I really had no idea about the extent of manipulation (blackhat SEO) of autocomplete suggestions for search until I read this paper. But when you think about it, it makes sense that people would be ... Continue Reading

JavaScript Zero: real JavaScript, and zero side-channel attacks

March 13, 2018 ~ Adrian Colyer ~ 6 Comments

JavaScript Zero: Real JavaScript and zero side-channel attacks Schwarz et al., NDSS’18 We’re moving from the server-side back to the client-side today, with a very topical paper looking at defences against micro-architectural and side-channel attacks in browsers. Since submission of the paper to NDSS’18, this subject grew in prominence of course with the announcement of ... Continue Reading

Synode: understanding and automatically preventing injection attacks on Node.js

March 12, 2018 ~ Adrian Colyer ~ 6 Comments

Synode: understanding and automatically preventing injection attacks on Node.js Staicu et al., NDSS’18 If you’re using JavaScript on the server side (node.js), then you’ll want to understand the class of vulnerabilities described in this paper. JavaScript on the server side doesn’t enjoy some of the same protections as JavaScript running in a browser. In particular, ... Continue Reading

Settling payments fast and private: efficient decentralized routing for path-based transactions

March 9, 2018 ~ Adrian Colyer ~ Leave a comment

Settling payments fast and private: efficient decentralized routing for path-based transactions Roos et al., NDSS’18 Peer-to-peer path-based-transaction (PBT) networks such as the Lightning Network address scalability, efficiency, and interoperability concerns with blockchains through off-chain transactions. They work by establishing decentralised chains of participants through which payments are routed. A PBT network builds on top of ... Continue Reading

Zeus: Analyzing safety of smart contracts

March 8, 2018 ~ Adrian Colyer ~ 7 Comments

Zeus: Analyzing safety of smart contracts Kalra et al., NDSS’18 I’m sure many readers of The Morning Paper are also relatively experienced programmers. So how does this challenge sound? I want you to write a program that has to run in a concurrent environment under Byzantine circumstances where any adversary can invoke your program with ... Continue Reading

Investigating ad transparency mechanisms in social media: a case study of Facebook’s explanations

March 7, 2018 ~ Adrian Colyer ~ 2 Comments

Investigating ad transparency mechanisms in social media: a case study of Facebook’s explanations Andreou et al., NDSS’18 Let me start out by saying that I think it’s good Facebook are making an effort to provide more transparency to advertising. It’s good that Twitter announced they will do something similar too. It’s a shame though that ... Continue Reading

Bug fixes, improvements, … and privacy leaks

March 6, 2018 ~ Adrian Colyer ~ Leave a comment

Bug fixes, improvements, ... and privacy leaks. A longitudinal study of PII leaks across Android app versions Ren et al., NDSS’18 It’s another cut of similar data today, but this time looking at how privacy information is leaked over time in different versions of an (Android mobile) app. You probably don’t need to read the ... Continue Reading

Apps, trackers, privacy, and regulators: a global study of the mobile tracking ecosystem

March 5, 2018 ~ Adrian Colyer ~ 2 Comments

Apps, trackers, privacy, and regulators: a global study of the mobile tracking ecosystem Razaghpanah et al., NDSS’18 Sadly you probably won’t be surprised to learn that this study reveals user tracking is widespread within the mobile app (Android) ecosystem. The focus is on third-party services included in apps, identified by the network domains they try ... Continue Reading

the morning paper

a random walk through Computer Science research, by Adrian Colyer
Made delightfully fast by strattic

Month: March 2018