Tail attacks on web applications

Tail attacks on web applications Shan et al., CCS’17 This paper introduces a stealthy DDoS attack on classic n-tier web applications. It is designed to push the tail latency high while simultaneously being very hard to detect using traditional monitoring tools. The attack exploits ‘millibottlenecks’ — caused by buffers in the system that fill up …

Economic factors of vulnerability trade and exploitation

Economic factors of vulnerability trade and exploitation Allodi, CCS’17 Today we’re going on a tour inside a prominent Russian cybercrime market, identified in the paper as ‘RuMarket’ (not its real name). The author infiltrated the market using a fake identity, and was subsequently able to collect data on market activities from 2010 to 2017. RuMarket …

Be selfish and avoid dilemmas: fork-after-withholding attacks on Bitcoin

Be selfish and avoid dilemmas: fork-after-withholding (FAW) attacks on Bitcoin Kwon et al., CCS’17 Bitcoin was designed to have no central authority. But power has an amazing way of concentrating. Mining solo is a bit like buying a lottery ticket - big payoff if you happen to win, but your chances of winning are pretty …

The dynamics of innocent flesh on the bone: code reuse ten years later

The dynamics of innocent flesh on the bone: code reuse ten years later van der Veen et al., CCS’17 It’s been ten years since the publication of “The geometry of innocent flesh on the bone,” the paper that introduced the notion of Return Oriented Programming and the use of gadgets to craft exploits. In the intervening …

Hindsight: understanding the evolution of UI vulnerabilities in mobile browsers

Hindsight: understanding the evolution of UI vulnerabilities in mobile browsers Luo et al., CCS’17 Towards the end of last year, browsing on mobile devices overtook browsing on the desktop. And so when we think about mobile security, in addition to thinking about malicious applications, we also need to start thinking much more seriously about mobile …

Analyzing software requirements errors in safety-critical embedded systems

Analyzing software requirements errors in safety-critical embedded systems Lutz, IEEE Requirements Engineering, 1993 With thanks once more to @Di4naO (Thomas Depierre) who first brought this paper to my attention. We’re going even further back in time today to 1993, and a paper analysing safety-critical software errors uncovered during integration and system testing of the Voyager …

The role of software in spacecraft accidents

The role of software in spacecraft accidents Leveson, AIAA Journal of Spacecraft and Rockets, 2004 With thanks to @Di4naO (Thomas Depierre) who first brought this paper to my attention. Following on from yesterday’s look at safety in AI systems, I thought it would make an interesting pairing to follow up with this 2004 paper from …

Popularity predictions of Facebook videos for higher quality streaming

Popularity prediction of Facebook videos for higher quality streaming Tang et al., USENIX ATC’17 Suppose I could grant you access to a clairvoyance service, which could make one class of predictions about your business for you with perfect accuracy. What would you want to know, and what difference would knowing that make to your business? …