You Cannot Escape Me: Detecting Evasions of SIEM Rules in Enterprise Networks
We show that threat detection in enterprise networks suffers from blind spots through SIEM rule evasion and present a mitigation called Adaptive Misuse Detection.
Authors: Louis Hackländer-Jansen, Marco Herzog, Rafael Uetz
Article shepherded by: Rik Farrow
Code is not Natural Language: Unlock the Power of Semantics-Oriented Graph Representation for Binary Code Similarity Detection
The best binary code similarity detection systems have treated code as if it were natural language; our solution creates semantic representations of code for feeding into ML and performs better.
Authors: Haojie He, Ziang Weng, Libo Chen
Article shepherded by: Rik Farrow
Being There: USENIX Security Symposium 2023
For me, attending USENIX Security is kinda like going home for the holidays
Authors: Abe Singer
Article shepherded by: Rik Farrow
FloatZone: How Floating Point Additions can Detect Memory Errors
We introduce FloatZone, a compiler-based sanitizer to detect spatial and temporal memory errors in C/C++ programs using lightweight checks that leverage the Floating Point Unit.
Authors: Floris Gorter, Enrico Barberis, Raphael Isemann, Erik van der Kouwe, Cristiano Giuffrida, Herbert Bos
Article shepherded by: Rik Farrow
Sneaky Spy Devices and Defective Detectors
Abusers sometimes spy on their partners using covert devices; to combat this threat, we find out what devices are available to abusers and whether common detectors can find them.
Authors: Rose Ceccio, Sophie Stephenson, Danny Huang, Rahul Chatterjee
Article shepherded by: Rik Farrow
FIDO2 with Attributes in Zero-Knowledge
Authentication and authorization systems currently rely on access to PII; in FIDO-AC, we extend FIDO2 to provide authorization information while maintaining privacy.
Authors: Wei-Zhu Yeoh, Michal Kepkowski, Gunnar Heide, Dali Kaafar, Lucjan Hanzlik
Article shepherded by: Rik Farrow
Reimagining Correctness SLOs: When 100% Means Failure
What do you do when user happiness isn't only about availability? A creative approach to correctness SLOs can improve collaboration between the business and IT.
Authors: Adam Newman
Article shepherded by: Laura Nolan
FreeBSD on Firecracker
Porting FreeBSD to Firecracker dropped the boot time to 20 ms, revealing bugs in the boot process and Firecracker, and is an example of porting a kernel.
Authors: Colin Percival
Article shepherded by: Rik Farrow
Observing CAPTCHAS “in the Wild”
CAPTCHAs continue to be annoying—we enlisted people to see how long CAPTCHAs took to solve, which types were easiest for people, and how often people quit without finishing.
Authors: Andrew Searles, Gene Tsudik
Article shepherded by: Rik Farrow
Computer Security Research, Moral Dilemmas, and Ethical Frameworks
When making moral decisions in computer security research, people may disagree. When that happens, the tools of ethics and moral philosophy can help.
Authors: Tadayoshi Kohno, Yasemin Acar, Wulf Loh
Article shepherded by: Rik Farrow
Diving into Robocall Content with SnorCall
We provide insights from accurate, automated analysis of 232,0000 robocalls, including tools that authorities can use to get to the source of the problem.
Authors: Sathvik Prasad, Brad Reaves
Article shepherded by: Rik Farrow
Measuring the Risk Password Reuse Poses for a University
Reuse of passwords poses a greater threat than weak passwords based on research into compromised passwords at the University of Chicago.
Authors: Alexandra Nisenoff, Maximilian Golla, Blase Ur
Article shepherded by: Rik Farrow
Going Beyond an Incident Report with TLA+
Human reasoning capability is limited; SREs can benefit from using modelling specification languages to understand system behavior.
Authors: Finn Hackett, Joshua Rowe, Markus Alexander Kuppe
Article shepherded by: Laura Nolan
Enabling Realms with the Arm Confidential Compute Architecture
ARMv9 will include Realms, a combination of hardware and firmware that creates a mechanism for isolating memory from reading or writing even by the OS or hypervisor.
Authors: Xupeng Li, Xuheng Li, Christoffer Dall, Ronghui Gu, Jason Nieh, Yousuf Sait, Gareth Stockwell
Article shepherded by: Rik Farrow
BeyondCorp and the long tail of Zero Trust
After successfully transitioning most of Google's workflows to BeyondCorp, we were left with a long tail of specific or challenging situations to resolve.
Authors: Guilherme Gonçalves, Kyle O'Malley, Betsy Beyer, Max Saltonstall
Article shepherded by: Rik Farrow
NSDI'23 Test of Time Award
A graduate research project turned into a popular web browser plug-in, used by millions
Authors: Franzi Roesner, Gennie Gebhart, Rik Farrow
Article shepherded by: Rik Farrow
Bcrypt at 25: A Retrospective on Password Security
Celebrating 25 years of bcrypt! Dive into its journey, enduring impact on password security, and unique ways it's shaping the future.
Authors: Niels Provos
Article shepherded by: Rik Farrow
Responding to and Learning from Distributed Incidents
Step through a distributed systems incident and see how teams can learn from these events.
Authors: Philipp Böschen
Article shepherded by: Laura Nolan