Cloak and dagger: from two permissions to complete control of the UI feedback loop

Cloak and dagger: from two permissions to complete control of the UI feedback loop, Fratantonio et al., IEEE Security and Privacy 2017. If you're using Android, then 'cloak and dagger' is going to make for scary reading. It's a perfect storm of an almost undetectable attack that can capture passwords, PINs, and ultimately obtain all …

IoT goes nuclear: creating a ZigBee chain reaction

IoT goes nuclear: creating a ZigBee chain reaction, Ronen et al., IEEE Security and Privacy 2017. You probably don't need another reminder about the woeful state of security in IoT, but today's paper choice may well give you further pause for thought about the implications. The opening paragraph sounds like something out of science fiction …

How they did it: an analysis of emissions defeat devices in modern automobiles

How they did it: an analysis of emission defeat devices in modern automobiles, Contag et al., IEEE Security and Privacy 2017. We'll be looking at a selection of papers from the IEEE Security and Privacy 2017 conference over the next few days, starting with this wonderful teardown of the defeat devices used by Volkswagen …

Gray failure: the Achilles’ heel of cloud-scale systems

Gray failure: the Achilles' heel of cloud-scale systems, Huang et al., HotOS'17. If you're going to fail, fail properly dammit! All this limping along in degraded mode, doing your best to mask problems, turns out to be one of the key causes of major availability breakdowns and performance anomalies in cloud-scale systems. Today's HotOS'17 paper …

System programming in Rust: beyond safety

System programming in Rust: beyond safety, Balasubramanian et al., HotOS'17. Balasubramanian et al. want us to switch all of our systems programming over to Rust. This paper sets out the case. Despite many advances in programming languages, clean-slate operating systems, hypervisors, key-value stores, web servers, network and storage frameworks are still developed in C, a …

A dissection of the test-driven development process: does it really matter to test-first or test-last?

A dissection of the test-driven development process: does it really matter to test-first or to test-last? Fucci et al., ICSE'17. Here we have a study with a really interesting aim - to find out which aspects of TDD are most significant when it comes to developer productivity and code quality. What we'd really love to …

Decoding the representation of code in the brain: an fMRI study of code review and expertise

Decoding the representation of code in the brain: an fMRI study of code review and expertise, Floyd et al., ICSE'17. fMRI studies have been used to explore how our brains encode expertise in physical tasks involving specialised motor skills (for example, playing golf), in memory development (for example, London taxi drivers), and in mental skills …