Synode: understanding and automatically preventing injection attacks on Node.js Staicu et al., NDSS’18 If you’re using JavaScript on the server side (node.js), then you’ll want to understand the class of vulnerabilities described in this paper. JavaScript on the server side doesn’t enjoy some of the same protections as JavaScript running in a browser. In particular, …
Author: adriancolyer
Settling payments fast and private: efficient decentralized routing for path-based transactions
Settling payments fast and private: efficient decentralized routing for path-based transactions Roos et al., NDSS’18 Peer-to-peer path-based-transaction (PBT) networks such as the Lightning Network address scalability, efficiency, and interoperability concerns with blockchains through off-chain transactions. They work by establishing decentralised chains of participants through which payments are routed. A PBT network builds on top of …
Zeus: Analyzing safety of smart contracts
Zeus: Analyzing safety of smart contracts Kalra et al., NDSS’18 I’m sure many readers of The Morning Paper are also relatively experienced programmers. So how does this challenge sound? I want you to write a program that has to run in a concurrent environment under Byzantine circumstances where any adversary can invoke your program with …
Investigating ad transparency mechanisms in social media: a case study of Facebook’s explanations
Investigating ad transparency mechanisms in social media: a case study of Facebook’s explanations Andreou et al., NDSS’18 Let me start out by saying that I think it’s good Facebook are making an effort to provide more transparency to advertising. It’s good that Twitter announced they will do something similar too. It’s a shame though that …
Bug fixes, improvements, … and privacy leaks
Bug fixes, improvements, ... and privacy leaks. A longitudinal study of PII leaks across Android app versions Ren et al., NDSS’18 It’s another cut of similar data today, but this time looking at how privacy information is leaked over time in different versions of an (Android mobile) app. You probably don’t need to read the …
Apps, trackers, privacy, and regulators: a global study of the mobile tracking ecosystem
Apps, trackers, privacy, and regulators: a global study of the mobile tracking ecosystem Razaghpanah et al., NDSS’18 Sadly you probably won’t be surprised to learn that this study reveals user tracking is widespread within the mobile app (Android) ecosystem. The focus is on third-party services included in apps, identified by the network domains they try …
Towards web-based delta synchronization for cloud storage systems
Towards web-based delta synchronization for cloud storage systems Xiao et al., FAST’18 If you use Dropbox (or an equivalent service) to synchronise files between your Mac or PC and the cloud, then it uses an efficient delta-sync (rsync) protocol to only upload the parts of a file that have changed. If you use a web …
Clay codes: moulding MDS codes to yield an MSR code
Clay codes: moulding MDS codes to yield an MSR code Vajha et al., FAST’18 As we know, storage fails (or the nodes to which it is directly attached, which amounts to pretty much the same thing). Assuming we can detect the failure, we need to recover from it. In order to be able to recover, …
Barrier-enabled IO stack for Flash storage
Barrier-enabled IO stack for flash storage Won et al., FAST’18 The performance of Flash storage has benefited greatly from concurrency and parallelism - for example, multi-channel controllers, large caches, and deep command queues. At the same time, the time to program an individual Flash cell has stayed fairly static (and even become slightly worse in …
Protocol aware recovery for consensus-based storage
Protocol aware recovery for consensus based storage Alagappan et al., FAST’18 Following on from their excellent previous work on ‘All file systems are not created equal’ (well worth a read if you haven’t encountered it yet), in this paper the authors look at how well some of our most reliable protocols — those used in …