
  • [Editor’s Note: A limited number of student grants are available to help pay for travel, accommodations, and NDSS Symposium registration fees for full-time students attending the 24th annual Network and Distributed System Security (NDSS) Symposium. Watch the NDSS website at https://www.internetsociety.org/events/ndss-symposium for information and deadlines as the process opens for NDSS 2018 in February of next year. The following post is a guest contribution from one 2017 grantee.] My name is Muhammad Talha Paracha, and I am an undergraduate Software Engineering student from National...
    Date published 04 April 2017
  • A number of seminal papers appeared towards the end of the 20th century calling for more attention to be paid to the human in the security loop. For example, Anne Adams and Angela Sasse’s “Users are not the Enemy” and Mark Ackerman and Lorrie Cranor’s "Privacy critics: UI components to safeguard users' privacy." The research field of Usable Security was thereby launched, and quickly garnered interest amongst academics and in industry. Almost two decades later this field has achieved independent status with a number of conferences and workshops being dedicated to this research field. USEC is a...
    Date published 17 February 2017
  • Video Authors: Zakir Durumeric, Zane Ma, Drew Springall, Richard Barnes, Nick Sullivan, Elie Bursztein, Michael Bailey, J. Alex Halderman, Vern Paxson Abstract: As HTTPS deployment grows, middlebox and antivirus products are increasingly intercepting TLS connections to retain visibility into network traffic. In this work, we present a comprehensive study on the prevalence and impact of HTTPS interception. First, we show that web servers can detect interception by identifying a mismatch between the HTTP User-Agent header ...
  • Video Authors: Simon Birnbach, Richard Baker, Ivan Martinovic Abstract: Drones are becoming increasingly popular for hobbyists and recreational use. But with this surge in popularity comes increased risk to privacy as the technology makes it easy to spy on people in otherwise-private environments, such as an individual’s home. An attacker can fly a drone over fences and walls in order to observe the inside of a house, without having physical access. Existing drone detection systems require specialist hardware and expensive deployment efforts; making...
  • Video Authors: Jaebaek Seo, Byoungyoung Lee, Seongmin Kim, Ming-Wei Shih, Insik Shin, Dongsu Han, Taesoo Kim Abstract: Traditional execution environments deploy Address Space Layout Randomization (ASLR) to defend against memory corruption attacks. However, Intel Software Guard Extension (SGX), a new trusted execution environment designed to serve security-critical applications on the cloud, lacks such an effective, well-studied feature. In fact, we find that applying ASLR to SGX programs raises non-trivial issues beyond simple engineering for a number of...
  • Video Authors: Guixin Ye, Zhanyong Tang, Dingyi Fang, Xiaojiang Chen, Kwang In Kim, Ben Taylor, Zheng Wang Abstract: Pattern lock is widely used as a mechanism for authentication and authorization on Android devices. In this paper, we demonstrate a novel video-based attack to reconstruct Android lock patterns from video footage filmed using a mobile phone camera. Unlike prior attacks on pattern lock, our approach does not require the video to capture any content displayed on the screen. Instead, we employ a computer vision...
  • Video Authors: Yeongpil Cho, Donghyun Kwon, Hayoon Yi, Yunheung Paek Abstract: Privilege separation has long been considered as a fundamental principle in software design to mitigate the potential damage of a security attack. Much effort has been given to develop various privilege separation schemes where a monolithic OS or hypervisor is divided into two privilege domains where one domain is logically more privileged than the other even if both run at an identical processor privilege level. We say that privilege separation is intra-level if it is...
  • Jun Ho Huh, Saurabh Verma, Swathi Sri V Rayala, Rakesh Bobba, Konstantin Beznosov, Hyoungshick Kim
  • Le Shi, Yuming Wu, Yubin Xia, Nathan Dautenhahn, Haibo Chen, Binyu Zang, Jinming Li
  • Video Authors: Xiaorui Pan, Xueqiang Wang, Yue Duan, XiaoFeng Wang, Heng Yin Abstract: Hidden sensitive operations (HSO) such as stealing privacy user data upon receiving an SMS message are increasingly utilized by mobile malware and other potentially-harmful apps (PHAs) to evade detection. Identification of such behaviors is hard, due to the challenge in triggering them during an app’s runtime. Current static approaches rely on the trigger conditions or hidden behaviors known beforehand and therefore cannot capture...