Material de USENIX 24 y sus talleres: WOOT, CSET, FOCI, HealthTech, 3GSE, HotSet y JETS

La organización sobre computación avanzada USENIX, celebra su 24 simposio sobre seguridad. Dicho evento termina hoy, pero el contenido de las charlas ya se encuentran disponibles:

Post-Mortem of a Zombie: Conficker Cleanup After Six Years - Paper
Mo(bile) Money, Mo(bile) Problems: Analysis of Branchless Banking Applications in the Developing World - Paper
Measuring the Longitudinal Evolution of the Online Anonymous Marketplace Ecosystem - Paper
Under-Constrained Symbolic Execution: Correctness Checking for Real Code - Paper
TaintPipe: Pipelined Symbolic Taint Analysis - Paper
Type Casting Verification: Stopping an Emerging Attack Vector - Paper
All Your Biases Belong to Us: Breaking RC4 in WPA-TKIP and TLS - Paper
Attacks Only Get Better: Password Recovery Attacks Against RC4 in TLS - Paper
Eclipse Attacks on Bitcoin’s Peer-to-Peer Network - Paper
Compiler-instrumented, Dynamic Secret-Redaction of Legacy Processes for Attacker Deception - Paper
Control-Flow Bending: On the Effectiveness of Control-Flow Integrity - Paper
Automatic Generation of Data-Oriented Exploits - Paper
Protocol State Fuzzing of TLS Implementations - Paper
Verified Correctness and Security of OpenSSL HMAC - Paper
Not-Quite-So-Broken TLS: Lessons in Re-Engineering a Security Protocol Specification and Implementation - Paper
To Pin or Not to Pin—Helping App Developers Bullet Proof Their TLS Connections - Paper
De-anonymizing Programmers via Code Stylometry - Paper
RAPTOR: Routing Attacks on Privacy in Tor - Paper
Circuit Fingerprinting Attacks: Passive Deanonymization of Tor Hidden Services - Paper
SecGraph: A Uniform and Open-source Evaluation System for Graph Data Anonymization and De-anonymization - Paper
Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobilizer - Paper
Trustworthy Whole-System Provenance for the Linux Kernel - Paper
Securing Self-Virtualizing Ethernet Devices - Paper
EASEAndroid: Automatic Policy Analysis and Refinement for Security Enhanced Android via Large-Scale Semi-Supervised Learning - Paper
Marionette: A Programmable Network Traffic Obfuscation System - Paper
CONIKS: Bringing Key Transparency to End Users - Paper
Investigating the Computer Security Practices and Needs of Journalists - Paper
Constants Count: Practical Improvements to Oblivious RAM - Paper
Raccoon: Closing Digital Side-Channels through Obfuscated Execution - Paper
M2R: Enabling Stronger Privacy in MapReduce Computation - Paper
Measuring Real-World Accuracies and Biases in Modeling Password Guessability - Paper
Sound-Proof: Usable Two-Factor Authentication Based on Ambient Sound - Paper
Android Permissions Remystified: A Field Study on Contextual Integrity - Paper
Phasing: Private Set Intersection Using Permutation-based Hashing - Paper
Faster Secure Computation through Automatic Parallelization - Paper
The Pythia PRF Service - Paper
EVILCOHORT: Detecting Communities of Malicious Accounts on Online Services - Paper
Trends and Lessons from Three Years Fighting Malicious Extensions - Paper
Meerkat: Detecting Website Defacements through Image-based Object Recognition - Paper
Recognizing Functions in Binaries with Neural Networks - Paper
Reassembleable Disassembling - Paper
How the ELF Ruined Christmas - Paper
Finding Unknown Malice in 10 Seconds: Mass Vetting for New Threats at the Google-Play Scale - Paper
You Shouldn’t Collect My Secrets: Thwarting Sensitive Keystroke Leakage in Mobile IME Apps - Paper
Boxify: Full-fledged App Sandboxing for Stock Android - Paper
Cookies Lack Integrity: Real-World Implications - Paper
The Unexpected Dangers of Dynamic JavaScript - Paper
ZigZag: Automatically Hardening Web Applications Against Client-side Validation Vulnerabilities - Paper
Anatomization and Protection of Mobile Apps’ Location Privacy Threats - Paper
LinkDroid: Reducing Unregulated Aggregation of App Usage Behaviors - Paper
PowerSpy: Location Tracking Using Mobile Device Power Analysis - Paper
In the Compression Hornet’s Nest: A Security Study of Data Compression in Network Services - Paper
Bohatei: Flexible and Elastic DDoS Defense - Paper
Boxed Out: Blocking Cellular Interconnect Bypass Fraud at the Network Edge - Paper
GSMem: Data Exfiltration from Air-Gapped Computers over GSM Frequencies - Paper
Thermal Covert Channels on Multi-core Platforms - Paper
Rocking Drones with Intentional Sound Noise on Gyroscopic Sensors - Paper
Cache Template Attacks: Automating Attacks on Inclusive Last-Level Caches - Paper
A Placement Vulnerability Study in Multi-Tenant Public Clouds - Paper
A Measurement Study on Co-residence Threat inside the Cloud - Paper
Towards Discovering and Understanding Task Hijacking in Android - Paper
Cashtags: Protecting the Input and Display of Sensitive Data - Paper
SUPOR: Precise and Scalable Sensitive User Input Detection for Android Apps - Paper
UIPicker: User-Input Privacy Identification in Mobile Applications - Paper
Cloudy with a Chance of Breach: Forecasting Cyber Security Incidents - Paper
WebWitness: Investigating, Categorizing, and Mitigating Malware Download Paths - Paper
Vulnerability Disclosure in the Age of Social Media: Exploiting Twitter for Predicting Real-World Exploits - Paper
Needles in a Haystack: Mining Information from Public Dynamic Analysis Sandboxes for Malware Intelligence - Paper

A este evento le preceden una serie de talleres enfocados en temas más específicos, también dentro del ámbito de la seguridad informática: WOOT, CSET, FOCI, HealthTech, 3GSE, HotSet y JETS.

Cada uno de dichos talleres, a excepción de HotSet, también han publicado el contenido de sus sesiones, aunque en el caso the HealthTech sólo tienen publicada una de ellas.

A continuación listo los enlaces a cada uno de los documentos:

WOOT'15

FLEXTLS: A Tool for Testing TLS Implementations - Paper
Prying Open Pandora's Box: KCI Attacks against TLS - Paper
P2P File-Sharing in Hell: Exploiting BitTorrent Vulnerabilities to Launch Distributed Reflective DoS Attacks - Paper
Cashing Out the Great Cannon? On Browser-Based DDoS Attacks and Economics - Paper
Own Your Android! Yet Another Universal Root - Paper
One Class to Rule Them All: 0-Day Deserialization Vulnerabilities in Android - Paper
RouteDetector: Sensor-based Positioning System That Exploits Spatio-Temporal Regularity of Human Mobility - Paper
SURROGATES: Enabling Near-Real-Time Dynamic Analyses of Embedded Systems - Paper
Symbolic Execution for BIOS Security - Paper
IoTPOT: Analysing the Rise of IoT Compromises - Paper
Scrutinizing WPA2 Password Generating Algorithms in Wireless Routers - Paper
How to Break XML Encryption – Automatically - Paper
Hypervisor Introspection: A Technique for Evading Passive Virtual Machine Monitoring - Paper
CAIN: Silently Breaking ASLR in the Cloud - Paper
Run-DMA - Paper
Fast and Vulnerable: A Story of Telematic Failures - Paper
Cocaine Noodles: Exploiting the Gap between Human and Machine Speech Recognition - Paper
Fuzzing E-mail Filters with Generative Grammars and N-Gram Analysis - Paper
Replication Prohibited: Attacking Restricted Keyways with 3D-Printing - Paper

FOCI'15

An Analysis of China’s “Great Cannon” - Paper
Every Rose Has Its Thorn: Censorship and Surveillance on Social Video Platforms in China - Paper
Understanding Internet Censorship Policy: The Case of Greece - Paper
Half Baked: The Opportunity to Secure Cookie-based Identifiers from Passive Surveillance - Paper

JETS'15

New Techniques for Electronic Voting - Paper
Improved Coercion-Resistant Electronic Elections through Deniable Re-Voting - Paper
Verifiable European Elections: Risk-limiting Audits and Universally Verifiable Tallies for D'Hondt and Its Relatives - Paper
From Error to Error: Why Voters Could not Cast a Ballot and Verify Their Vote with Helios, Prêt à Voter, and Scantegrity II - Paper
Diffusion of Voter Responsibility: Potential Failings in E2E Voter Receipt Checking - Paper

CSET'15

This is Not a Game: Early Observations on Using Alternate Reality Games for Teaching Security Concepts to First-Year Undergraduates - Paper
Build It Break It: Measuring and Comparing Development Security - Paper
Experiences with Honey-Patching in Active Cyber Security Education - Paper
PRISM: Private Retrieval of the Internet’s Sensitive Metadata - Paper
Developing Security Reputation Metrics for Hosting Providers - Paper
Finding Bugs in Source Code Using Commonly Available Development Metadata - Paper
Shadow-Bitcoin: Scalable Simulation via Direct Execution of Multi-Threaded Applications - Paper
Experimental Study of Fuzzy Hashing in Malware Clustering Analysis - Paper

3GSE'15

An Offline Capture The Flag-Style Virtual Machine and an Assessment of Its Value for Cybersecurity Education - Paper
Multidisciplinary Experiential Learning for Holistic Cybersecurity Education, Research and Evaluation - Paper
Engaging Novices in Cybersecurity Competitions: A Vision and Lessons Learned at ACM Tapia 2015 - Paper
An Examination of the Vocational and Psychological Characteristics of Cybersecurity Competition Participants - Paper
Using CTFs for an Undergraduate Cyber Education - Paper
Leveraging Competitive Gamification for Sustainable Fun and Profit in Security Education - Paper
A Scaffolded, Metamorphic CTF for Reverse Engineering - Paper
Automatic Problem Generation for Capture-the-Flag Competitions - Paper
Lessons Learned in Game Development for Crowdsourced Software Formal Verification - Paper