enter search term and/or author name
Checksum-Aware Fuzzing Combined with Dynamic Taint Analysis and Symbolic Execution
Tielei Wang, Tao Wei, Guofei Gu, Wei Zou
Article No.: 15
Fuzz testing has proven successful in finding security vulnerabilities in large programs. However, traditional fuzz testing tools have a well-known common drawback: they are ineffective if most generated inputs are rejected at the early stage of...
Formal Reasoning about Physical Properties of Security Protocols
David Basin, Srdjan Capkun, Patrick Schaller, Benedikt Schmidt
Article No.: 16
Traditional security protocols are mainly concerned with authentication and key establishment and rely on predistributed keys and properties of cryptographic operators. In contrast, new application areas are emerging that establish and rely on...
Authenticated Dictionaries: Real-World Costs and Trade-Offs
Scott A. Crosby, Dan S. Wallach
Article No.: 17
Authenticated dictionaries are a widely discussed paradigm to enable verifiable integrity for data storage on untrusted servers, such as today’s widely used “cloud computing” resources, allowing a server to provide a...
Tamper-evident seals are used by many states’ election officials on voting machines and ballot boxes, either to protect the computer and software from fraudulent modification or to protect paper ballots from fraudulent substitution or...
Empowering End Users to Confine Their Own Applications: The Results of a Usability Study Comparing SELinux, AppArmor, and FBAC-LSM
Z. Cliffe Schreuders, Tanya McGill, Christian Payne
Article No.: 19
Protecting end users from security threats is an extremely difficult, but increasingly critical, problem. Traditional security models that focused on separating users from each other have proven ineffective in an environment of widespread software...
In this article we introduce a technique, guaranteeing access pattern privacy against a computationally bounded adversary, in outsourced data storage, with communication and computation overheads orders of magnitude better than existing...
CANTINA+: A Feature-Rich Machine Learning Framework for Detecting Phishing Web Sites
Guang Xiang, Jason Hong, Carolyn P. Rose, Lorrie Cranor
Article No.: 21
Phishing is a plague in cyberspace. Typically, phish detection methods either use human-verified URL blacklists or exploit Web page features via machine learning techniques. However, the former is frail in terms of new phish, and the latter...