Usenix Security 17 Material: Technical Sessions and Workshops
A week ago, the “academic” cybersecurity conference Usenix was held in Canada, along with a handful of workshops. All the material from both events is freely available for download: Technical Sessions and Workshops.
Here is the complete list of talks and their corresponding links:
Usenix Security ‘17 technical sessions
- When Your Threat Model Is “Everything”: Defensive Security in Modern Newsrooms
- Erinn Clark, Lead Security Architect, First Look Media/The Intercept
- How Double-Fetch Situations turn into Double-Fetch Vulnerabilities: A Study of Double Fetches in the Linux Kernel
- Postmortem Program Analysis with Hardware-Enhanced Post-Crash Artifacts
- Ninja: Towards Transparent Tracing and Debugging on ARM
- Prime+Abort: A Timer-Free High-Precision L3 Cache Attack using Intel TSX
- On the effectiveness of mitigations against floating-point timing channels
- Constant-Time Callees with Variable-Time Callers
- Neural Nets Can Learn Function Type Signatures From Binaries
- CAn’t Touch This: Software-only Mitigation against Rowhammer Attacks targeting Kernel Memory
- Efficient Protection of Path-Sensitive Control Security
- Digtool: A Virtualization-Based Framework for Detecting Kernel Vulnerabilities
- kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels
- Venerable Variadic Vulnerabilities Vanquished
- Towards Practical Tools for Side Channel Aware Software Engineering: ‘Grey Box’ Modelling for Instruction Leakages
- Strong and Efficient Cache Side-Channel Protection using Hardware Transactional Memory
- CacheD: Identifying Cache-Based Timing Channels in Production Software
- An Ant in a World of Grasshoppers
- Ellen Cram Kowalczyk, Microsoft
- From Problems to Patterns to Practice: Privacy and User Respect in a Complex World
- Lea Kissner, Google
- BinSim: Trace-based Semantic Binary Diffing via System Call Sliced Segment Equivalence Checking
- PlatPal: Detecting Malicious Documents with Platform Diversity
- Malton: Towards On-Device Non-Invasive Mobile Malware Analysis for ART
- Global Measurement of DNS Manipulation
- Characterizing the Nature and Dynamics of Tor Exit Blocking
- DeTor: Provably Avoiding Geographic Regions in Tor
- SmartAuth: User-Centered Authorization for the Internet of Things
- AWare: Preventing Abuse of Privacy-Sensitive Sensors via Operation Bindings
- 6thSense: A Context-aware Sensor-based Attack Detector for Smart Devices
- Identifier Binding Attacks and Defenses in Software-Defined Networks
- HELP: Helper-Enabled In-Band Device Pairing Resistant Against Signal Cancellation
- Attacking the Brain: Races in the SDN Control Plane
- Detecting Credential Spearphishing in Enterprise Settings
- SLEUTH: Real-time Attack Scenario Reconstruction from COTS Audit Data
- When the Weakest Link is Strong: Secure Collaboration in the Case of the Panama Papers
- Hacking in Darkness: Return-oriented Programming against Secure Enclaves
- vTZ: Virtualizing ARM TrustZone
- Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing
- AuthentiCall: Efficient Identity and Content Authentication for Phone Calls
- Picking Up My Tab: Understanding and Mitigating Synchronized Token Lifting and Spending in Mobile Payment
- TrustBase: An Architecture to Repair and Strengthen Certificate-based Authentication
- Transcend: Detecting Concept Drift in Malware Classification Models
- Syntia: Synthesizing the Semantics of Obfuscated Code
- Predicting the Resilience of Obfuscated Code Against Symbolic Execution Attacks via Machine Learning
- Differential Privacy: From Theory to Deployment
- Abhradeep Guha Thakurta, University of California, Santa Cruz
- OSS-Fuzz - Google’s continuous fuzzing service for open source software
- Kostya Serebryany, Google
- Extension Breakdown: Security Analysis of Browsers Extension Resources Control Policies
- CCSP: Controlled Relaxation of Content Security Policies by Runtime Policy Composition
- Same-Origin Policy: Evaluation in Modern Browsers
- Locally Differentially Private Protocols for Frequency Estimation
- BLENDER: Enabling Local Search with a Hybrid Differential Privacy Model
- Computer Security, Privacy, and DNA Sequencing: Compromising Computers with Synthesized DNA, Privacy Leaks, and More
- BootStomp: On the Security of Bootloaders in Mobile Devices
- Seeing Through The Same Lens: Introspecting Guest Address Space At Native Speed
- Oscar: A Practical Page-Permissions-Based Scheme for Thwarting Dangling Pointers
- PDF Mirage: Content Masking Attack Against Information-Based Online Services
- Loophole: Timing Attacks on Shared Event Loops in Chrome
- Game of Registrars: An Empirical Analysis of Post-Expiration Domain Name Takeovers
- Speeding up detection of SHA-1 collision attacks using unavoidable attack conditions
- Phoenix: Rebirth of a Cryptographic Password-Hardening Service
- Vale: Verifying High-Performance Cryptographic Assembly Code
- Exploring User Perceptions of Discrimination in Online Targeted Advertising
- Measuring the Insecurity of Mobile Deep Links of Android
- How the Web Tangled Itself: Uncovering the History of Client-Side Web (In)Security
- Towards Efficient Heap Overflow Discovery
- DR. CHECKER: A Soundy Analysis for Linux Kernel Drivers
- Dead Store Elimination (Still) Considered Harmful
- Telling Your Secrets without Page Faults: Stealthy Page Table-Based Attacks on Enclaved Execution
- CLKSCREW: Exposing the Perils of Security-Oblivious Energy Management
- AutoLock: Why Cache Attacks on ARM Are Harder Than You Think
- Understanding the Mirai Botnet
- MPI: Multiple Perspective Attack Investigation with Semantic Aware Execution Partitioning
- Detecting Android Root Exploits by Learning from Root Providers
- USB Snooping Made Easy: Crosstalk Leakage Attacks on USB Hubs
- Reverse Engineering x86 Processor Microcode
- See No Evil, Hear No Evil, Feel No Evil, Print No Evil? Malicious Fill Patterns Detection in Additive Manufacturing
- The Loopix Anonymity System
- MCMix: Anonymous Messaging via Secure Multiparty Computation
- ORide: A Privacy-Preserving yet Accountable Ride-Hailing Service
- Adaptive Android Kernel Live Patching
- CHAINIAC: Proactive Software-Update Transparency via Collectively Signed Skipchains and Verified Builds
- ROTE: Rollback Protection for Trusted Execution
- A Longitudinal, End-to-End View of the DNSSEC Ecosystem
- Measuring HTTPS Adoption on the Web
- “I Have No Idea What I’m Doing” - On the Usability of Deploying HTTPS
- Beauty and the Burst: Remote Identification of Encrypted Video Streams
- Walkie-Talkie: An Efficient Defense Against Passive Website Fingerprinting Attacks
- A Privacy Analysis of Cross-device Tracking
- SmartPool: Practical Decentralized Pooled Mining
- REM: Resource-Efficient Mining for Blockchains
- Ensuring Authorized Updates in Multi-user Database-Backed Applications
- Qapla: Policy compliance for database-backed systems
- Data Hemorrhage, Inequality, and You: How Technology and Data Flows are Changing the Civil Liberties Game
- Shankar Narayan, Technology and Liberty Project Director, American Civil Liberties Union of Washington
Workshop material
- Good tools gone bad: Are we on a slippery slope to communications chaos?
- Chester Wisniewski, Sophos
- dr0wned – Cyber-Physical Attack with Additive Manufacturing
- Automated PCB Reverse Engineering
- BADFET: Defeating Modern Secure Boot Using Second-Order Pulsed Electromagnetic Fault Injection
- From random block corruption to privilege escalation: A filesystem attack vector for rowhammer-like attacks
- Leveraging Flawed Tutorials for Seeding Large-Scale Web Vulnerability Discovery
- One Side-Channel to Bring Them All and in the Darkness Bind Them: Associating Isolated Browsing Sessions
- unCaptcha: A Low-Resource Defeat of reCaptcha’s Audio Challenge
- POTUS: Probing Off-The-Shelf USB Drivers with Symbolic Fault Injection
- Exploitations of Uninitialized Uses on macOS Sierra
- Static Exploration of Taint-Style Vulnerabilities Found by Fuzzing
- Software Grand Exposure: SGX Cache Attacks Are Practical
- Stalling Live Migrations on the Cloud
- SPEAKE(a)R: Turn Speakers to Microphones for Fun and Profit
- Breaking and Fixing Gridcoin
- Adversarial Example Defense: Ensembles of Weak Defenses are not Strong
- AutoCTF: Creating Diverse Pwnables via Automated Bug Injection
- Shedding too much Light on a Microcontroller’s Firmware Protection
- Breaking (and Fixing) a Widely Used Continuous Glucose Monitoring System
- One Car, Two Frames: Attacks on Hitag-2 Remote Keyless Entry Systems Revisited
- Shattered Trust: When Replacement Smartphone Components Attack
- White-Stingray: Evaluating IMSI Catchers Detection Applications
- fastboot oem vuln: Android Bootloader Vulnerabilities in Vendor Customizations