USS
2008
13 years 9 months ago
2008
Many web sites embed third-party content in frames, relying on the browser's security policy to protect them from malicious content. Frames, however, are often insufficient i...
USS
2008
13 years 9 months ago
2008
In light of the systemic vulnerabilities uncovered by recent reviews of deployed e-voting systems, the surest way to secure the voting process would be to scrap the existing syste...
USS
2008
13 years 9 months ago
2008
Large-scale bandwidth-based distributed denial-of-service (DDoS) attacks can quickly knock out substantial parts of a network before reactive defenses can respond. Even traffic flo...
USS
2008
13 years 9 months ago
2008
One of the most critical steps of any security review involves identifying the trust boundaries that an application is exposed to. While methodologies such as threat modeling can ...
USS
2008
13 years 9 months ago
2008
Automated bot/botnet detection is a difficult problem given the high level of attacker power. We propose a systematic approach for evaluating the evadability of detection methods....
USS
2008
13 years 9 months ago
2008
Phishing is a form of identity theft in which an attacker attempts to elicit confidential information from unsuspecting victims. While in the past there has been significant work ...
USS
2008
13 years 9 months ago
2008
This paper presents a new technique for exploiting heap overflows in JavaScript interpreters. Briefly, given a heap overflow, JavaScript commands can be used to insure that a func...
USS
2008
13 years 9 months ago
2008
In this paper we introduce the idea of model inference assisted fuzzing aimed to cost effectively improve software security. We experimented with several model inference technique...
USS
2008
13 years 9 months ago
2008
For most computer end
USS
2008
13 years 9 months ago
2008
Cross-site scripting (XSS) and SQL injection errors are two prominent examples of taint-based vulnerabilities that have been responsible for a large number of security breaches in...