FOCI

Material de USENIX 24 y sus talleres: WOOT, CSET, FOCI, HealthTech, 3GSE, HotSet y JETS



La organización sobre computación avanzada USENIX, celebra su 24 simposio sobre seguridad. Dicho evento termina hoy, pero el contenido de las charlas ya se encuentran disponibles:

• Post-Mortem of a Zombie: Conficker Cleanup After Six Years - Paper
• Mo(bile) Money, Mo(bile) Problems: Analysis of Branchless Banking Applications in the Developing World - Paper
• Measuring the Longitudinal Evolution of the Online Anonymous Marketplace Ecosystem - Paper
• Under-Constrained Symbolic Execution: Correctness Checking for Real Code - Paper
• TaintPipe: Pipelined Symbolic Taint Analysis - Paper
• Type Casting Verification: Stopping an Emerging Attack Vector - Paper
• All Your Biases Belong to Us: Breaking RC4 in WPA-TKIP and TLS - Paper
• Attacks Only Get Better: Password Recovery Attacks Against RC4 in TLS - Paper
• Eclipse Attacks on Bitcoin’s Peer-to-Peer Network - Paper
• Compiler-instrumented, Dynamic Secret-Redaction of Legacy Processes for Attacker Deception - Paper
• Control-Flow Bending: On the Effectiveness of Control-Flow Integrity - Paper
• Automatic Generation of Data-Oriented Exploits - Paper
• Protocol State Fuzzing of TLS Implementations - Paper
• Verified Correctness and Security of OpenSSL HMAC - Paper
• Not-Quite-So-Broken TLS: Lessons in Re-Engineering a Security Protocol Specification and Implementation - Paper
• To Pin or Not to Pin—Helping App Developers Bullet Proof Their TLS Connections - Paper
• De-anonymizing Programmers via Code Stylometry - Paper
• RAPTOR: Routing Attacks on Privacy in Tor - Paper
• Circuit Fingerprinting Attacks: Passive Deanonymization of Tor Hidden Services - Paper
• SecGraph: A Uniform and Open-source Evaluation System for Graph Data Anonymization and De-anonymization - Paper
• Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobilizer - Paper
• Trustworthy Whole-System Provenance for the Linux Kernel - Paper
• Securing Self-Virtualizing Ethernet Devices - Paper
• EASEAndroid: Automatic Policy Analysis and Refinement for Security Enhanced Android via Large-Scale Semi-Supervised Learning - Paper
• Marionette: A Programmable Network Traffic Obfuscation System - Paper
• CONIKS: Bringing Key Transparency to End Users - Paper
• Investigating the Computer Security Practices and Needs of Journalists - Paper
• Constants Count: Practical Improvements to Oblivious RAM - Paper
• Raccoon: Closing Digital Side-Channels through Obfuscated Execution - Paper
• M2R: Enabling Stronger Privacy in MapReduce Computation - Paper
• Measuring Real-World Accuracies and Biases in Modeling Password Guessability - Paper
• Sound-Proof: Usable Two-Factor Authentication Based on Ambient Sound - Paper
• Android Permissions Remystified: A Field Study on Contextual Integrity - Paper
• Phasing: Private Set Intersection Using Permutation-based Hashing - Paper
• Faster Secure Computation through Automatic Parallelization - Paper
• The Pythia PRF Service - Paper
• EVILCOHORT: Detecting Communities of Malicious Accounts on Online Services - Paper
• Trends and Lessons from Three Years Fighting Malicious Extensions - Paper
• Meerkat: Detecting Website Defacements through Image-based Object Recognition - Paper
• Recognizing Functions in Binaries with Neural Networks - Paper
• Reassembleable Disassembling - Paper
• How the ELF Ruined Christmas - Paper
• Finding Unknown Malice in 10 Seconds: Mass Vetting for New Threats at the Google-Play Scale - Paper
• You Shouldn’t Collect My Secrets: Thwarting Sensitive Keystroke Leakage in Mobile IME Apps - Paper
• Boxify: Full-fledged App Sandboxing for Stock Android - Paper
• Cookies Lack Integrity: Real-World Implications - Paper
• The Unexpected Dangers of Dynamic JavaScript - Paper
• ZigZag: Automatically Hardening Web Applications Against Client-side Validation Vulnerabilities - Paper
• Anatomization and Protection of Mobile Apps’ Location Privacy Threats - Paper
• LinkDroid: Reducing Unregulated Aggregation of App Usage Behaviors - Paper
• PowerSpy: Location Tracking Using Mobile Device Power Analysis - Paper
• In the Compression Hornet’s Nest: A Security Study of Data Compression in Network Services - Paper
• Bohatei: Flexible and Elastic DDoS Defense - Paper
• Boxed Out: Blocking Cellular Interconnect Bypass Fraud at the Network Edge - Paper
• GSMem: Data Exfiltration from Air-Gapped Computers over GSM Frequencies - Paper
• Thermal Covert Channels on Multi-core Platforms - Paper
• Rocking Drones with Intentional Sound Noise on Gyroscopic Sensors - Paper
• Cache Template Attacks: Automating Attacks on Inclusive Last-Level Caches - Paper
• A Placement Vulnerability Study in Multi-Tenant Public Clouds - Paper
• A Measurement Study on Co-residence Threat inside the Cloud - Paper
• Towards Discovering and Understanding Task Hijacking in Android - Paper
• Cashtags: Protecting the Input and Display of Sensitive Data - Paper
• SUPOR: Precise and Scalable Sensitive User Input Detection for Android Apps - Paper
• UIPicker: User-Input Privacy Identification in Mobile Applications - Paper
• Cloudy with a Chance of Breach: Forecasting Cyber Security Incidents - Paper
• WebWitness: Investigating, Categorizing, and Mitigating Malware Download Paths - Paper
• Vulnerability Disclosure in the Age of Social Media: Exploiting Twitter for Predicting Real-World Exploits - Paper
• Needles in a Haystack: Mining Information from Public Dynamic Analysis Sandboxes for Malware Intelligence - Paper

A este evento le preceden una serie de talleres enfocados en temas más específicos, también dentro del ámbito de la seguridad informática: WOOT, CSET, FOCI, HealthTech, 3GSE, HotSet y JETS.

Cada uno de dichos talleres, a excepción de HotSet, también han publicado el contenido de sus sesiones, aunque en el caso the HealthTech sólo tienen publicada una de ellas.