Material de USENIX 24 y sus talleres: WOOT, CSET, FOCI, HealthTech, 3GSE, HotSet y JETS

La organización sobre computación avanzada USENIX, celebra su 24 simposio sobre seguridad. Dicho evento termina hoy, pero el contenido de las charlas ya se encuentran disponibles: Post-Mortem of a Zombie: Conficker Cleanup After Six Years - Paper Mo(bile) Money, Mo(bile) Problems: Analysis of Branchless Banking Applications in the Developing World - Paper Measuring the Longitudinal Evolution of the Online Anonymous Marketplace Ecosystem - Paper Under-Constrained Symbolic Execution: Correctness Checking for Real Code - Paper TaintPipe: Pipelined Symbolic Taint Analysis - Paper Type Casting Verification: Stopping an Emerging Attack Vector - Paper All Your Biases Belong to Us: Breaking RC4 in WPA-TKIP and TLS - Paper Attacks Only Get Better: Password Recovery Attacks Against RC4 in TLS - Paper Eclipse Attacks on Bitcoin’s Peer-to-Peer Network - Paper Compiler-instrumented, Dynamic Secret-Redaction of Legacy Processes for Attacker Deception - Paper Control-Flow Bending: On the Effectiveness of Control-Flow Integrity - Paper Automatic Generation of Data-Oriented Exploits - Paper Protocol State Fuzzing of TLS Implementations - Paper Verified Correctness and Security of OpenSSL HMAC - Paper Not-Quite-So-Broken TLS: Lessons in Re-Engineering a Security Protocol Specification and Implementation - Paper To Pin or Not to Pin—Helping App Developers Bullet Proof Their TLS Connections - Paper De-anonymizing Programmers via Code Stylometry - Paper RAPTOR: Routing Attacks on Privacy in Tor - Paper Circuit Fingerprinting Attacks: Passive Deanonymization of Tor Hidden Services - Paper SecGraph: A Uniform and Open-source Evaluation System for Graph Data Anonymization and De-anonymization - Paper Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobilizer - Paper Trustworthy Whole-System Provenance for the Linux Kernel - Paper Securing Self-Virtualizing Ethernet Devices - Paper EASEAndroid: Automatic Policy Analysis and Refinement for Security Enhanced Android via Large-Scale Semi-Supervised Learning - Paper Marionette: A Programmable Network Traffic Obfuscation System - Paper CONIKS: Bringing Key Transparency to End Users - Paper Investigating the Computer Security Practices and Needs of Journalists - Paper Constants Count: Practical Improvements to Oblivious RAM - Paper Raccoon: Closing Digital Side-Channels through Obfuscated Execution - Paper M2R: Enabling Stronger Privacy in MapReduce Computation - Paper Measuring Real-World Accuracies and Biases in Modeling Password Guessability - Paper Sound-Proof: Usable Two-Factor Authentication Based on Ambient Sound - Paper Android Permissions Remystified: A Field Study on Contextual Integrity - Paper Phasing: Private Set Intersection Using Permutation-based Hashing - Paper Faster Secure Computation through Automatic Parallelization - Paper The Pythia PRF Service - Paper EVILCOHORT: Detecting Communities of Malicious Accounts on Online Services - Paper Trends and Lessons from Three Years Fighting Malicious Extensions - Paper Meerkat: Detecting Website Defacements through Image-based Object Recognition - Paper Recognizing Functions in Binaries with Neural Networks - Paper Reassembleable Disassembling - Paper How the ELF Ruined Christmas - Paper Finding Unknown Malice in 10 Seconds: Mass Vetting for New Threats at the Google-Play Scale - Paper You Shouldn’t Collect My Secrets: Thwarting Sensitive Keystroke Leakage in Mobile IME Apps - Paper Boxify: Full-fledged App Sandboxing for Stock Android - Paper Cookies Lack Integrity: Real-World Implications - Paper The Unexpected Dangers of Dynamic JavaScript - Paper ZigZag: Automatically Hardening Web Applications Against Client-side Validation Vulnerabilities - Paper Anatomization and Protection of Mobile Apps’ Location Privacy Threats - Paper LinkDroid: Reducing Unregulated Aggregation of App Usage Behaviors - Paper PowerSpy: Location Tracking Using Mobile Device Power Analysis - Paper In the Compression Hornet’s Nest: A Security Study of Data Compression in Network Services - Paper Bohatei: Flexible and Elastic DDoS Defense - Paper Boxed Out: Blocking Cellular Interconnect Bypass Fraud at the Network Edge - Paper GSMem: Data Exfiltration from Air-Gapped Computers over GSM Frequencies - Paper Thermal Covert Channels on Multi-core Platforms - Paper Rocking Drones with Intentional Sound Noise on Gyroscopic Sensors - Paper Cache Template Attacks: Automating Attacks on Inclusive Last-Level Caches - Paper A Placement Vulnerability Study in Multi-Tenant Public Clouds - Paper A Measurement Study on Co-residence Threat inside the Cloud - Paper Towards Discovering and Understanding Task Hijacking in Android - Paper Cashtags: Protecting the Input and Display of Sensitive Data - Paper SUPOR: Precise and Scalable Sensitive User Input Detection for Android Apps - Paper UIPicker: User-Input Privacy Identification in Mobile Applications - Paper Cloudy with a Chance of Breach: Forecasting Cyber Security Incidents - Paper WebWitness: Investigating, Categorizing, and Mitigating Malware Download Paths - Paper Vulnerability Disclosure in the Age of Social Media: Exploiting Twitter for Predicting Real-World Exploits - Paper Needles in a Haystack: Mining Information from Public Dynamic Analysis Sandboxes for Malware Intelligence - Paper A este evento le preceden una serie de talleres enfocados en temas más específicos, también dentro del ámbito de la seguridad informática: WOOT, CSET, FOCI, HealthTech, 3GSE, HotSet y JETS.
Leer más