Smoke: fine-grained lineage at interactive speed

September 24, 2018 ~ Adrian Colyer ~ 5 Comments

Smoke: fine-grained lineage at interactive speed Psallidas et al., VLDB'18 Data lineage connects the input and output data items of a computation. Given a set of output records, a backward lineage query selects a subset of the output records and asks "which input records contributed to these results?" A forward lineage query selects a subset ... Continue Reading

Same-different problems strain convolutional neural networks

September 21, 2018 ~ Adrian Colyer ~ 1 Comment

Same-different problems strain convolutional neural networks Ricci et al., arXiv 2018 Since we’ve been looking at the idea of adding structured representations and relational reasoning to deep learning systems, I thought it would be interesting to finish off the week with an example of a problem that seems to require it: detecting whether objects in ... Continue Reading

Relational inductive biases, deep learning, and graph networks

September 19, 2018 ~ Adrian Colyer ~ 9 Comments

Relational inductive biases, deep learning, and graph networks Battaglia et al., arXiv'18 Earlier this week we saw the argument that causal reasoning (where most of the interesting questions lie!) requires more than just associational machine learning. Structural causal models have at their core a graph of entities and relationships between them. Today we’ll be looking ... Continue Reading

The seven tools of causal inference with reflections on machine learning

September 17, 2018 ~ Adrian Colyer ~ 8 Comments

The seven tools of causal inference with reflections on machine learning Pearl, CACM 2018 With thanks to @osmandros for sending me a link to this paper on twitter. In this technical report Judea Pearl reflects on some of the limitations of machine learning systems that are based solely on statistical interpretation of data. To understand ... Continue Reading

An empirical analysis of anonymity in Zcash

September 14, 2018 ~ Adrian Colyer ~ Leave a comment

An empirical analysis of anonymity in Zcash Kappos et al., USENIX Security'18 As we’ve seen before, in practice Bitcoin offers little in the way of anonymity. Zcash on the other hand was carefully designed with privacy in mind. It offers strong theoretical guarantees concerning privacy. So in theory users of Zcash can remain anonymous. In ... Continue Reading

QSYM: a practical concolic execution engine tailored for hybrid fuzzing

September 12, 2018 ~ Adrian Colyer ~ Leave a comment

QSYM: a practical concolic execution engine tailored for hybrid fuzzing Yun et al., USENIX Security 2018 There are two main approaches to automated test case generated for uncovering bugs and vulnerabilities: fuzzing and concolic execution. Fuzzing is good at quickly exploring the input space, but can get stuck when trying to get past more complex ... Continue Reading

NAVEX: Precise and scalable exploit generation for dynamic web applications

September 10, 2018 ~ Adrian Colyer ~ 10 Comments

NAVEX: Precise and scalable exploit generation for dynamic web applications Alhuzali et al., USENIX Security 2018 NAVEX (https://github.com/aalhuz/navex) is a very powerful tool for finding executable exploits in dynamic web applications. It combines static and dynamic analysis (to cope with dynamically generated web content) to find vulnerable points in web applications, determine whether inputs to ... Continue Reading

Unveiling and quantifying Facebook exploitation of sensitive personal data for advertising purposes

September 7, 2018 ~ Adrian Colyer ~ 3 Comments

Unveiling and quantifying Facebook exploitation of sensitive personal data for advertising purposes Cabañas et al., USENIX Security 2018 Earlier this week we saw how the determined can still bypass most browser and tracker-blocking extension protections to track users around the web. Today’s paper is a great example of why you should care about that. Cabañas ... Continue Reading

Who left open the cookie jar? A comprehensive evaluation of third-party cookie policies

September 5, 2018 ~ Adrian Colyer ~ 8 Comments

Who left open the cookie jar? A comprehensive evaluation of third-party cookie policies from the Franken et al., USENIX Security 2018 This paper won a ‘Distinguished paper’ award at USENIX Security 2018, as well as the 2018 Internet Defense Prize. It’s an evaluation of the defense mechanisms built into browsers (and via extensions / add-ons) ... Continue Reading

Fear the reaper: characterization and fast detection of card skimmers

September 3, 2018 ~ Adrian Colyer ~ 16 Comments

Fear the reaper: characterization and fast detection of card skimmers Scaife et al., USENIX Security 2018 Until I can get my hands on a Skim Reaper I’m not sure I’ll ever trust an ATM or other exposed card reading device (e.g., at garages) again! Scaife et al. conduct a study of skimming devices found by ... Continue Reading

the morning paper

a random walk through Computer Science research, by Adrian Colyer
Made delightfully fast by strattic

Uncategorized