Bounding data races in space and time – part I

August 9, 2018August 5, 2018 ~ adriancolyer ~ 5 Comments

Bounding data races in space and time Dolan et al., PLDI'18 Are you happy with your programming language’s memory model? In this beautifully written paper, Dolan et al. point out some of the unexpected behaviours that can arise in mainstream memory models (C++, Java) and why we might want to strive for something better. Then … Continue reading Bounding data races in space and time – part I

HHVM JIT: A profile-guided, region-based compiler for PHP and Hack

August 8, 2018August 5, 2018 ~ adriancolyer ~ 6 Comments

HHVM JIT: A profile-guided, region-based compiler for PHP and Hack Ottoni, PLDI'18 HHVM is a virtual machine for PHP and Hack (a PHP extension) which is used to power Facebook’s website among others. Today’s paper choice describes the second generation HHVM implementation, which delivered a 21.7% performance boost when running the Facebook website compared to … Continue reading HHVM JIT: A profile-guided, region-based compiler for PHP and Hack

BLeak: automatically debugging memory leaks in web applications

August 7, 2018August 5, 2018 ~ adriancolyer ~ 3 Comments

BLeak: Automatically debugging memory leaks in web applications Vilk & Berger, PLDI'18 BLeak is a Browser Leak debugger that finds memory leaks in web applications. You can use BLeak to test your own applications by following the instructions at http://bleak-detector.org. Guided by BLeak, we identify and fix over 50 memory leaks in popular libraries and … Continue reading BLeak: automatically debugging memory leaks in web applications

Here we go again!

August 6, 2018August 4, 2018 ~ adriancolyer ~ 7 Comments

It's time to start a new term on #themorningpaper. I read my very first #themorningpaper on the 30th July 2014 ("Why functional programming matters", Hughes 1990) and since then, bar three scheduled breaks a year, I've been reading a research paper every weekday. Since the 8th October 2014, I've also been posting a write-up of … Continue reading Here we go again!

End of term

July 9, 2018July 8, 2018 ~ adriancolyer ~ 5 Comments

It’s time to take my regular summer break from writing The Morning Paper - normal service will resume again on Monday 6th August. I’ll be topping up my paper backlog and scouting out interesting research during the break. If you’ve seen any great papers I haven’t already covered and that you think ‘The Morning Paper’ … Continue reading End of term

Oblix: an efficient oblivious search index

July 6, 2018July 5, 2018 ~ adriancolyer ~ 9 Comments

Oblix: an efficient oblivious search index Mishra et al., IEEE Security & Privacy 2018 Unfortunately, many known schemes that enable search queries on encrypted data achieve efficiency at the expense of security, as they reveal access patterns to the encrypted data. In this paper we present Oblix, a search index for encrypted data that is … Continue reading Oblix: an efficient oblivious search index

EnclaveDB: a secure database using SGX

July 5, 2018July 1, 2018 ~ adriancolyer ~ 8 Comments

EnclaveDB: A secure database using SGX Priebe et al., IEEE Security & Privacy 2018 This is a really interesting paper (if you’re into this kind of thing I guess!) bringing together the security properties of Intel’s SGX enclaves with the Hekaton SQL Server database engine. The result is a secure database environment with impressive runtime … Continue reading EnclaveDB: a secure database using SGX

Grand Pwning Unit: Accelerating microarchitectural attacks with the GPU

July 4, 2018July 1, 2018 ~ adriancolyer ~ 7 Comments

Grand Pwning Unit: Accelerating microarchitectural attacks with the GPU Frigo et al., IEEE Security & Privacy The general awareness of microarchitectural attacks is greatly increased since meltdown and spectre earlier this year. A lot of time and energy has been spent in defending against such attacks, with a threat model that assumes attacks originate from … Continue reading Grand Pwning Unit: Accelerating microarchitectural attacks with the GPU

Privacy risks with Facebook’s PII-based targeting: auditing a data broker’s advertising interface

July 3, 2018July 1, 2018 ~ adriancolyer ~ 6 Comments

Privacy risks with Facebook’s PII-based targeting: auditing a data broker’s advertising interface Venkatadri et al., IEEE Security and Privacy 2018 This is one of those jaw-hits-the-floor, can’t quite believe what I’m reading papers. The authors describe an attack exploiting Facebook’s custom audience feature, that can leak your PII. Specifically, we show how the adversary can … Continue reading Privacy risks with Facebook’s PII-based targeting: auditing a data broker’s advertising interface

The rise of the citizen developer: assessing the security impact of online app generators

July 2, 2018June 25, 2018 ~ adriancolyer ~ 6 Comments

The rise of the citizen developer: assessing the security impact of online app generators Oltrogge et al., IEEE Security & Privacy 2018 "Low code", "no code", "citizen developers", call it what you will, there’s been a big rise in platforms that seek to make it easy to develop applications for non-export developers. Today’s paper choice … Continue reading The rise of the citizen developer: assessing the security impact of online app generators