1. Milkomeda: colliding galaxies or how to repurpose security checks across domains

    On one hand, GPUs expose broad functionality for graphics and machine learning workloads, on the other hand, this functionality may be exploited due to large amounts of unvetted code, complex functionality, and the information gap between user-space application, kernel, and the auxiliary GPU. We introduce a novel framework that allows …

    read more
  2. Automating data-only attacks through Block Oriented Programming (BOP)

    With the rise of strong control-flow defenses such as Control-Flow Integrity (CFI), attackers will increasingly resort to data-only attacks that can be equally powerful. Earlier research demonstrated that data-only attacks can be as devastating as control-flow hijacking attacks. So far, constructing data-only attacks was cumbersome and required deep manual analysis …

    read more
  3. A journey on evaluating Control-Flow Integrity (CFI): LLVM-CFI versus RAP

    This post started out of the need to provide a little more clarification after a long and heated discussions on Twitter (initial discussion and follow up) about the origins of Control-Flow Integrity (CFI), the contributions of academia, and the precision, performance, and compatibility of different existing implementations.

    CFI is a …

    read more
  4. The PC Experience

    Program Committee (PC) meetings are this mysterious event where the fate of our research projects is decided based on a review of our paper submission. Especially for beginning researchers (i.e., PhD students) it is unclear how the evaluation and review process actually works. From a student's perspective, a paper …

    read more
  5. Raising the BAR at NDSS 2018

    Just like every year, this year's NDSS was mid February in sunny (but not too warm) San Diego. To help cure the minimal 3 hour jetlag, I enjoyed a couple of morning runs with some of my colleagues -- if you want to get a workout done at a security conference …

    read more
  6. SyScan+360 in Seattle

    Just a couple of days after Oakland '17 I attended my next information security conference. This year, SyScan+360 was in Seattle and I used the time between Oakland and SyScan for a nice road trip from San Jose to Seattle. SyScan is not an academic but an industry conference …

    read more

« Page 2 / 8 »

links

social