BLeak: automatically debugging memory leaks in web applications

August 7, 2018August 5, 2018 ~ adriancolyer ~ 3 Comments

BLeak: Automatically debugging memory leaks in web applications Vilk & Berger, PLDI'18 BLeak is a Browser Leak debugger that finds memory leaks in web applications. You can use BLeak to test your own applications by following the instructions at http://bleak-detector.org. Guided by BLeak, we identify and fix over 50 memory leaks in popular libraries and … Continue reading BLeak: automatically debugging memory leaks in web applications

Here we go again!

August 6, 2018August 4, 2018 ~ adriancolyer ~ 7 Comments

It's time to start a new term on #themorningpaper. I read my very first #themorningpaper on the 30th July 2014 ("Why functional programming matters", Hughes 1990) and since then, bar three scheduled breaks a year, I've been reading a research paper every weekday. Since the 8th October 2014, I've also been posting a write-up of … Continue reading Here we go again!

End of term

July 9, 2018July 8, 2018 ~ adriancolyer ~ 5 Comments

It’s time to take my regular summer break from writing The Morning Paper - normal service will resume again on Monday 6th August. I’ll be topping up my paper backlog and scouting out interesting research during the break. If you’ve seen any great papers I haven’t already covered and that you think ‘The Morning Paper’ … Continue reading End of term

Oblix: an efficient oblivious search index

July 6, 2018July 5, 2018 ~ adriancolyer ~ 9 Comments

Oblix: an efficient oblivious search index Mishra et al., IEEE Security & Privacy 2018 Unfortunately, many known schemes that enable search queries on encrypted data achieve efficiency at the expense of security, as they reveal access patterns to the encrypted data. In this paper we present Oblix, a search index for encrypted data that is … Continue reading Oblix: an efficient oblivious search index

EnclaveDB: a secure database using SGX

July 5, 2018July 1, 2018 ~ adriancolyer ~ 8 Comments

EnclaveDB: A secure database using SGX Priebe et al., IEEE Security & Privacy 2018 This is a really interesting paper (if you’re into this kind of thing I guess!) bringing together the security properties of Intel’s SGX enclaves with the Hekaton SQL Server database engine. The result is a secure database environment with impressive runtime … Continue reading EnclaveDB: a secure database using SGX

Grand Pwning Unit: Accelerating microarchitectural attacks with the GPU

July 4, 2018July 1, 2018 ~ adriancolyer ~ 7 Comments

Grand Pwning Unit: Accelerating microarchitectural attacks with the GPU Frigo et al., IEEE Security & Privacy The general awareness of microarchitectural attacks is greatly increased since meltdown and spectre earlier this year. A lot of time and energy has been spent in defending against such attacks, with a threat model that assumes attacks originate from … Continue reading Grand Pwning Unit: Accelerating microarchitectural attacks with the GPU

Privacy risks with Facebook’s PII-based targeting: auditing a data broker’s advertising interface

July 3, 2018July 1, 2018 ~ adriancolyer ~ 6 Comments

Privacy risks with Facebook’s PII-based targeting: auditing a data broker’s advertising interface Venkatadri et al., IEEE Security and Privacy 2018 This is one of those jaw-hits-the-floor, can’t quite believe what I’m reading papers. The authors describe an attack exploiting Facebook’s custom audience feature, that can leak your PII. Specifically, we show how the adversary can … Continue reading Privacy risks with Facebook’s PII-based targeting: auditing a data broker’s advertising interface

The rise of the citizen developer: assessing the security impact of online app generators

July 2, 2018June 25, 2018 ~ adriancolyer ~ 6 Comments

The rise of the citizen developer: assessing the security impact of online app generators Oltrogge et al., IEEE Security & Privacy 2018 "Low code", "no code", "citizen developers", call it what you will, there’s been a big rise in platforms that seek to make it easy to develop applications for non-export developers. Today’s paper choice … Continue reading The rise of the citizen developer: assessing the security impact of online app generators

Debugging data flows in reactive programs

June 29, 2018June 24, 2018 ~ adriancolyer ~ 9 Comments

Debugging data flows in reactive programs Banken et al., ICSE'18 To round off our look at papers from ICSE, here’s a really interesting look at the challenges of debugging reactive applications (with a certain Erik Meijer credited among the authors). ... in recent years the use of Reactive Programming (RP) has exploded. Languages such as … Continue reading Debugging data flows in reactive programs

How not to structure your database-backed web applications: a study of performance bugs in the wild

June 28, 2018June 24, 2018 ~ adriancolyer ~ 27 Comments

How not to structure your database-backed web applications: a study of performance bugs in the wild Yang et al., ICSE'18 This is a fascinating study of the problems people get into when using ORMs to handle persistence concerns in their web applications. The authors study real-world applications and distil a catalogue of common performance anti-patterns. … Continue reading How not to structure your database-backed web applications: a study of performance bugs in the wild