Hace una semana se celebró en Canadá la conferencia “académica” sobre ciber seguridad Usenix junto a un puñado de talleres. Todo el material está disponible de forma gratuita para descarga de ambos eventos: Sesiones Técnicas y Talleres.
Aquí tenéis la lista completa de las charlas y sus correspondientes enlaces:
Sesiones técnicas de Usenix Security ‘17 When Your Threat Model Is “Everything”: Defensive Security in Modern Newsrooms Erinn Clark, Lead Security Architect, First Look Media/The Intercept How Double-Fetch Situations turn into Double-Fetch Vulnerabilities: A Study of Double Fetches in the Linux Kernel Paper Slides Postmortem Program Analysis with Hardware-Enhanced Post-Crash Artifacts Paper Ninja: Towards Transparent Tracing and Debugging on ARM Paper Slides Prime+Abort: A Timer-Free High-Precision L3 Cache Attack using Intel TSX Paper On the effectiveness of mitigations against floating-point timing channels Paper Slides Constant-Time Callees with Variable-Time Callers Paper Slides Neural Nets Can Learn Function Type Signatures From Binaries Paper CAn’t Touch This: Software-only Mitigation against Rowhammer Attacks targeting Kernel Memory Paper Efficient Protection of Path-Sensitive Control Security Paper Digtool: A Virtualization-Based Framework for Detecting Kernel Vulnerabilities Paper kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels Paper Venerable Variadic Vulnerabilities Vanquished Paper Towards Practical Tools for Side Channel Aware Software Engineering: ‘Grey Box’ Modelling for Instruction Leakages Paper Slides Strong and Efficient Cache Side-Channel Protection using Hardware Transactional Memory Paper Slides CacheD: Identifying Cache-Based Timing Channels in Production Software Paper An Ant in a World of Grasshoppers Ellen Cram Kowalczyk, Microsoft From Problems to Patterns to Practice: Privacy and User Respect in a Complex World Lea Kissner, Google BinSim: Trace-based Semantic Binary Diffing via System Call Sliced Segment Equivalence Checking Paper PlatPal: Detecting Malicious Documents with Platform Diversity Paper Slides Malton: Towards On-Device Non-Invasive Mobile Malware Analysis for ART Paper Global Measurement of DNS Manipulation Paper Characterizing the Nature and Dynamics of Tor Exit Blocking Paper DeTor: Provably Avoiding Geographic Regions in Tor Paper SmartAuth: User-Centered Authorization for the Internet of Things Paper AWare: Preventing Abuse of Privacy-Sensitive Sensors via Operation Bindings Paper Slides 6thSense: A Context-aware Sensor-based Attack Detector for Smart Devices Paper Identifier Binding Attacks and Defenses in Software-Defined Networks Paper HELP: Helper-Enabled In-Band Device Pairing Resistant Against Signal Cancellation Paper Attacking the Brain: Races in the SDN Control Plane Paper Detecting Credential Spearphishing in Enterprise Settings Paper SLEUTH: Real-time Attack Scenario Reconstruction from COTS Audit Data Paper When the Weakest Link is Strong: Secure Collaboration in the Case of the Panama Papers Paper Slides Hacking in Darkness: Return-oriented Programming against Secure Enclaves Paper vTZ: Virtualizing ARM TrustZone Paper Slides Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing Paper AuthentiCall: Efficient Identity and Content Authentication for Phone Calls Paper Picking Up My Tab: Understanding and Mitigating Synchronized Token Lifting and Spending in Mobile Payment Paper Slides TrustBase: An Architecture to Repair and Strengthen Certificate-based Authentication Paper Transcend: Detecting Concept Drift in Malware Classification Models Paper Syntia: Synthesizing the Semantics of Obfuscated Code Paper Predicting the Resilience of Obfuscated Code Against Symbolic Execution Attacks via Machine Learning Paper Differential Privacy: From Theory to Deployment Abhradeep Guha Thakurta, University of California, Santa Cruz OSS-Fuzz - Google’s continuous fuzzing service for open source software Slides Kostya Serebryany, Google Extension Breakdown: Security Analysis of Browsers Extension Resources Control Policies Paper CCSP: Controlled Relaxation of Content Security Policies by Runtime Policy Composition Paper Same-Origin Policy: Evaluation in Modern Browsers Paper Locally Differentially Private Protocols for Frequency Estimation Paper BLENDER: Enabling Local Search with a Hybrid Differential Privacy Model Paper Computer Security, Privacy, and DNA Sequencing: Compromising Computers with Synthesized DNA, Privacy Leaks, and More Paper BootStomp: On the Security of Bootloaders in Mobile Devices Paper Slides Seeing Through The Same Lens: Introspecting Guest Address Space At Native Speed Paper Oscar: A Practical Page-Permissions-Based Scheme for Thwarting Dangling Pointers Paper PDF Mirage: Content Masking Attack Against Information-Based Online Services Paper Loophole: Timing Attacks on Shared Event Loops in Chrome Paper Game of Registrars: An Empirical Analysis of Post-Expiration Domain Name Takeovers Paper Speeding up detection of SHA-1 collision attacks using unavoidable attack conditions Paper Phoenix: Rebirth of a Cryptographic Password-Hardening Service Paper Vale: Verifying High-Performance Cryptographic Assembly Code Paper Exploring User Perceptions of Discrimination in Online Targeted Advertising Paper Measuring the Insecurity of Mobile Deep Links of Android Paper How the Web Tangled Itself: Uncovering the History of Client-Side Web (In)Security Paper Towards Efficient Heap Overflow Discovery Paper DR.
Leer más
