Three years of the Right To Be Forgotten, Bertram et al., 2018. With thanks to Elie Bursztein for bringing this paper to my attention. See also Elie’s blog post ‘Insights about the first three years of the Right To Be Forgotten requests at Google.’ Following on from the GDPR we looked at yesterday, and which …
On purpose and by necessity: compliance under the GDPR
On purpose and by necessity: compliance under the GDPR, Basin et al., FC'18. A year ago it seemed like hardly anyone in a technical role had heard of GDPR. Now it seems to be front of mind for everyone! Not surprising perhaps, as it comes into force on the 25th May this year. In today’s …
Designing secure Ethereum smart contracts: a finite state machine approach
Designing secure Ethereum smart contracts: a finite state machine based approach, Mavridou & Laszka, FC’18. You could be forgiven for thinking I’m down on smart contracts, but I actually think they’re a very exciting development that opens up a whole new world of possibilities. That’s why I’m so keen to see better ways of developing …
A quantitative analysis of the impact of arbitrary blockchain content on Bitcoin
A quantitative analysis of the impact of arbitrary blockchain content on Bitcoin, Matzutt et al., FC’18. We’re leaving NDSS behind us now, and starting this week with a selection of papers from FC’18. First up is a really interesting analysis of what’s in the Bitcoin blockchain. But this isn’t your typical analysis of transactions, addresses, …
When coding style survives compilation: de-anonymizing programmers from executable binaries
When coding style survives compilation: de-anonymizing programmers from executable binaries, Caliskan et al., NDSS’18. As a programmer you have a unique style, and stylometry techniques can be used to fingerprint your style and determine with high probability whether or not a piece of code was written by you. That makes a degree of intuitive sense …
Exposing congestion attack on emerging connected vehicle based traffic signal control
Exposing congestion attack on emerging connected vehicle based traffic signal control, Chen et al., NDSS’18. I selected this paper as a great case study on the need to consider adversarial scenarios when deploying IoT and smart city systems. It was also an eye opener to me just how quickly the U.S. Department of Transport …
Game of missuggestions: semantic analysis of search autocomplete manipulation
Game of missuggestions: semantic analysis of search autocomplete manipulations, Wang et al., NDSS’18. Maybe I’ve been pretty naive here, but I really had no idea about the extent of manipulation (blackhat SEO) of autocomplete suggestions for search until I read this paper. But when you think about it, it makes sense that people would be …
JavaScript Zero: real JavaScript, and zero side-channel attacks
JavaScript Zero: Real JavaScript and zero side-channel attacks, Schwarz et al., NDSS’18. We’re moving from the server-side back to the client-side today, with a very topical paper looking at defences against micro-architectural and side-channel attacks in browsers. Since submission of the paper to NDSS’18, this subject grew in prominence of course with the announcement of …
Synode: understanding and automatically preventing injection attacks on Node.js
Synode: understanding and automatically preventing injection attacks on Node.js, Staicu et al., NDSS’18. If you’re using JavaScript on the server side (node.js), then you’ll want to understand the class of vulnerabilities described in this paper. JavaScript on the server side doesn’t enjoy some of the same protections as JavaScript running in a browser. In particular, …
Settling payments fast and private: efficient decentralized routing for path-based transactions
Settling payments fast and private: efficient decentralized routing for path-based transactions, Roos et al., NDSS’18. Peer-to-peer path-based-transaction (PBT) networks such as the Lightning Network address scalability, efficiency, and interoperability concerns with blockchains through off-chain transactions. They work by establishing decentralised chains of participants through which payments are routed. A PBT network builds on top of …