When coding style survives compilation: de-anonymizing programmers from executable binaries Caliskan et al., NDSS’18 As a programmer you have a unique style, and stylometry techniques can be used to fingerprint your style and determine with high probability whether or not a piece of code was written by you. That makes a degree of intuitive sense …
Month: March 2018
Exposing congestion attack on emerging connected vehicle based traffic signal control
Exposing congestion attack on emerging connected vehicle based traffic signal control Chen et al., NDSS’18 I selected this paper as a great case study on the need to consider adversarial scenarios when deploying IoT and smart city systems. It was also an eye opener to me just how quickly the U.S. Department of Transport …
Game of missuggestions: semantic analysis of search autocomplete manipulation
Game of missuggestions: semantic analysis of search autocomplete manipulations Wang et al., NDSS’18 Maybe I’ve been pretty naive here, but I really had no idea about the extent of manipulation (blackhat SEO) of autocomplete suggestions for search until I read this paper. But when you think about it, it makes sense that people would be …
JavaScript Zero: real JavaScript, and zero side-channel attacks
JavaScript Zero: Real JavaScript and zero side-channel attacks Schwarz et al., NDSS’18 We’re moving from the server-side back to the client-side today, with a very topical paper looking at defences against micro-architectural and side-channel attacks in browsers. Since submission of the paper to NDSS’18, this subject grew in prominence of course with the announcement of …
Synode: understanding and automatically preventing injection attacks on Node.js
Synode: understanding and automatically preventing injection attacks on Node.js Staicu et al., NDSS’18 If you’re using JavaScript on the server side (node.js), then you’ll want to understand the class of vulnerabilities described in this paper. JavaScript on the server side doesn’t enjoy some of the same protections as JavaScript running in a browser. In particular, …
Settling payments fast and private: efficient decentralized routing for path-based transactions
Settling payments fast and private: efficient decentralized routing for path-based transactions Roos et al., NDSS’18 Peer-to-peer path-based-transaction (PBT) networks such as the Lightning Network address scalability, efficiency, and interoperability concerns with blockchains through off-chain transactions. They work by establishing decentralised chains of participants through which payments are routed. A PBT network builds on top of …
Zeus: Analyzing safety of smart contracts
Zeus: Analyzing safety of smart contracts Kalra et al., NDSS’18 I’m sure many readers of The Morning Paper are also relatively experienced programmers. So how does this challenge sound? I want you to write a program that has to run in a concurrent environment under Byzantine circumstances where any adversary can invoke your program with …
Investigating ad transparency mechanisms in social media: a case study of Facebook’s explanations
Investigating ad transparency mechanisms in social media: a case study of Facebook’s explanations Andreou et al., NDSS’18 Let me start out by saying that I think it’s good Facebook are making an effort to provide more transparency to advertising. It’s good that Twitter announced they will do something similar too. It’s a shame though that …
Bug fixes, improvements, … and privacy leaks
Bug fixes, improvements, ... and privacy leaks. A longitudinal study of PII leaks across Android app versions Ren et al., NDSS’18 It’s another cut of similar data today, but this time looking at how privacy information is leaked over time in different versions of an (Android mobile) app. You probably don’t need to read the …
Apps, trackers, privacy, and regulators: a global study of the mobile tracking ecosystem
Apps, trackers, privacy, and regulators: a global study of the mobile tracking ecosystem Razaghpanah et al., NDSS’18 Sadly you probably won’t be surprised to learn that this study reveals user tracking is widespread within the mobile app (Android) ecosystem. The focus is on third-party services included in apps, identified by the network domains they try …