Monthly Archives: September 2017

ICISS 2017 – Human-on-the-loop Automation for Detecting Software Side-Channel Vulnerabilities

Abstract: Software side-channel vulnerabilities (SSCVs) allow an attacker to gather secrets by observing the differential in the time or space required for executing the program for different inputs. Detecting SSCVs is like searching for a needle in the haystack, not knowing what the needle looks like. Detecting SSCVs requires automation that supports systematic exploration to […]

Categories: Papers, Upcoming

Derbycon 7 – JReFrameworker: One Year Later

Abstract:  JReFrameworker is a Java bytecode manipulation tool released at DEFCON 24 that lowers the barrier to entry for developing Managed Code Rootkits in the Java Virtual Machine. Bytecode manipulations are written entirely in source code, removing the need for any pre-requisite knowledge of bytecode internals and allowing anyone with a basic working knowledge of […]

Categories: Talks

APSEC 2017 – Intelligence Amplifying Loop Characterizations for Detecting Algorithmic Complexity Vulnerabilities

Abstract: Algorithmic complexity vulnerabilities (ACVs) can be exploited to cause denial-of-service. Detecting ACVs is hard because of the numerous kinds of loop complexities that cause ACVs. This renders automatic detection intractable for ACVs. State-of-the-art loop analyses aim to obtain precise loop iteration bounds automatically; they can do so for relatively simple loops. This research focuses […]

Categories: Papers, Upcoming