Information flow reveals prediction limits in online social activity

March 26, 2018March 24, 2018 ~ adriancolyer ~ 4 Comments

Information flow reveals prediction limits in online social activity Bagrow et al., arVix 2017 If I know your friends, then I know a lot about you! Suppose you don’t personally use a given app/service, and so the provider doesn’t have data on you directly. However, many of your friends do use the app/service, and there’s … Continue reading Information flow reveals prediction limits in online social activity

Tracking ransomware end-to-end

March 23, 2018March 17, 2018 ~ adriancolyer ~ 7 Comments

Tracking ransomware end-to-end Huang et al., IEEE Security & Privacy 2018 With thanks to Elie Bursztein for bringing this paper to my attention. You get two for the price of one with today’s paper! Firstly, it’s a fascinating insight into the ransomware business and how it operates, with data gathered over a period of two … Continue reading Tracking ransomware end-to-end

Three years of the Right To Be Forgotten

March 22, 2018March 17, 2018 ~ adriancolyer

Three years of the Right To Be Forgotten Bertram et al., 2018 With thanks to Elie Bursztein for bringing this paper to my attention. See also Elie’s blog post ‘Insights about the first three years of the Right To Be Forgotten requests at Google.’ Following on from the GDPR we looked at yesterday, and which … Continue reading Three years of the Right To Be Forgotten

On purpose and by necessity: compliance under the GDPR

March 21, 2018March 17, 2018 ~ adriancolyer ~ 5 Comments

On purpose and by necessity: compliance under the GDPR Basin et al., FC'18 A year ago it seemed like hardly anyone in a technical role had heard of GDPR. Now it seems to be front of mind for everyone! Not surprising perhaps, as it comes into force on the 25th May this year. In today’s … Continue reading On purpose and by necessity: compliance under the GDPR

Designing secure Ethereum smart contracts: a finite state machine approach

March 20, 2018March 17, 2018 ~ adriancolyer ~ 2 Comments

Designing secure Ethereum smart contracts: a finite state machine based approach Mavridou & Laszka, FC’18 You could be forgiven for thinking I’m down on smart contracts, but I actually think they’re a very exciting development that opens up a whole new world of possibilities. That’s why I’m so keen to see better ways of developing … Continue reading Designing secure Ethereum smart contracts: a finite state machine approach

A quantitive analysis of the impact of arbitrary blockchain content on Bitcoin

March 19, 2018March 17, 2018 ~ adriancolyer ~ 10 Comments

A quantitative analysis of the impact of arbitrary blockchain content on Bitcoin Matzutt et al., FC’18 We’re leaving NDSS behind us now, and starting this week with a selection of papers from FC’18. First up is a really interesting analysis of what’s in the Bitcoin blockchain. But this isn’t your typical analysis of transactions, addresses, … Continue reading A quantitive analysis of the impact of arbitrary blockchain content on Bitcoin

When coding style survives compilation: de-anonymizing programmers from executable binaries

March 16, 2018March 11, 2018 ~ adriancolyer ~ 13 Comments

When coding style survives compilation: de-anonymizing programmers from executable binaries Caliskan et al., NDSS’18 As a programmer you have a unique style, and stylometry techniques can be used to fingerprint your style and determine with high probability whether or not a piece of code was written by you. That makes a degree of intuitive sense … Continue reading When coding style survives compilation: de-anonymizing programmers from executable binaries

Exposing congestion attack on emerging connected vehicle based traffic signal control

March 15, 2018March 11, 2018 ~ adriancolyer ~ 5 Comments

Exposing congestion attack on emerging connected vehicle based signal traffic signal control Chen et al., NDSS’18 I selected this paper as a great case study on the need to consider adversarial scenarios when deploying IoT and smart city systems. It was also an eye opener to me just how quickly the U.S. Department of Transport … Continue reading Exposing congestion attack on emerging connected vehicle based traffic signal control

Game of missuggestions: semantic analysis of search autocomplete manipulation

March 14, 2018March 11, 2018 ~ adriancolyer ~ 5 Comments

Game of missuggestions: semantic analysis of search autocomplete manipulations Wang et al., NDSS’18 Maybe I’ve been pretty naive here, but I really had no idea about the extent of manipulation (blackhat SEO) of autocomplete suggestions for search until I read this paper. But when you think about it, it makes sense that people would be … Continue reading Game of missuggestions: semantic analysis of search autocomplete manipulation

JavaScript Zero: real JavaScript, and zero side-channel attacks

March 13, 2018March 11, 2018 ~ adriancolyer ~ 6 Comments

JavaScript Zero: Real JavaScript and zero side-channel attacks Schwarz et al., NDSS’18 We’re moving from the server-side back to the client-side today, with a very topical paper looking at defences against micro-architectural and side-channel attacks in browsers. Since submission of the paper to NDSS’18, this subject grew in prominence of course with the announcement of … Continue reading JavaScript Zero: real JavaScript, and zero side-channel attacks