Other articles

  1. SMoTherSpectre: transient execution attacks through port contention

    Side channel attacks such as Spectre or Meltdown allow data leakage from an unwilling process. Until now, transient execution side channel attacks primarily leveraged cache-based side channels to leak information. The very purpose of a cache, that of providing faster access to a subset of data, enables information leakage. While …

    read more
  2. Milkomeda: colliding galaxies or how to repurpose security checks across domains

    On one hand, GPUs expose broad functionality for graphics and machine learning workloads, on the other hand, this functionality may be exploited due to large amounts of unvetted code, complex functionality, and the information gap between user-space application, kernel, and the auxiliary GPU. We introduce a novel framework that allows …

    read more
  3. Automating data-only attacks through Block Oriented Programming (BOP)

    With the rise of strong control-flow defenses such as Control-Flow Integrity (CFI), attackers will increasingly resort to data-only attacks that can be equally powerful. Earlier research demonstrated that data-only attacks can be as devastating as control-flow hijacking attacks. So far, constructing data-only attacks was cumbersome and required deep manual analysis …

    read more
  4. A journey on evaluating Control-Flow Integrity (CFI): LLVM-CFI versus RAP

    This post started out of the need to provide a little more clarification after a long and heated discussions on Twitter (initial discussion and follow up) about the origins of Control-Flow Integrity (CFI), the contributions of academia, and the precision, performance, and compatibility of different existing implementations.

    CFI is a …

    read more
  5. The PC Experience

    Program Committee (PC) meetings are this mysterious event where the fate of our research projects is decided based on a review of our paper submission. Especially for beginning researchers (i.e., PhD students) it is unclear how the evaluation and review process actually works. From a student's perspective, a paper …

    read more
  6. Raising the BAR at NDSS 2018

    Just like every year, this year's NDSS was mid February in sunny (but not too warm) San Diego. To help cure the minimal 3 hour jetlag, I enjoyed a couple of morning runs with some of my colleagues -- if you want to get a workout done at a security conference …

    read more

Page 1 / 8 »