Sciweavers

NDSS
2015
IEEE
8 years 8 months ago
vfGuard: Strict Protection for Virtual Function Calls in COTS C++ Binaries
Abstract—Control-Flow Integrity (CFI) is an important security property that needs to be enforced to prevent controlflow hijacking attacks. Recent attacks have demonstrated that...
Aravind Prakash, Xunchao Hu, Heng Yin
NDSS
2015
IEEE
8 years 8 months ago
DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices
—It is becoming a global trend for company employees equipped with mobile devices to access company’s assets. Besides enterprise apps, lots of personal apps from various untrus...
Xueqiang Wang, Kun Sun, Yuewu Wang, Jiwu Jing
NDSS
2015
IEEE
8 years 8 months ago
Exploiting and Protecting Dynamic Code Generation
Abstract—Many mechanisms have been proposed and deployed to prevent exploits against software vulnerabilities. Among them, W⊕X is one of the most effective and efficient. W⊕...
Chengyu Song, Chao Zhang, Tielei Wang, Wenke Lee, ...
NDSS
2015
IEEE
8 years 8 months ago
DEFY: A Deniable, Encrypted File System for Log-Structured Storage
Abstract—While solutions for file system encryption can prevent an adversary from determining the contents of files, in situations where a user wishes to hide the existence of ...
Timothy Peters, Mark Gondree, Zachary N. J. Peters...
NDSS
2015
IEEE
8 years 8 months ago
Upgrading HTTPS in mid-air: An empirical study of strict transport security and key pinning
—We have conducted the first in-depth empirical study of two important new web security features: strict transport security (HSTS) and public-key pinning. Both have been added t...
Michael Kranch, Joseph Bonneau
NDSS
2015
IEEE
8 years 8 months ago
NSEC5: Provably Preventing DNSSEC Zone Enumeration
Abstract—We use cryptographic techniques to study zone enumeration in DNSSEC. DNSSEC is designed to prevent attackers from tampering with domain name system (DNS) messages. The c...
Sharon Goldberg, Moni Naor, Dimitrios Papadopoulos...
NDSS
2015
IEEE
8 years 8 months ago
Seven Months' Worth of Mistakes: A Longitudinal Study of Typosquatting Abuse
—Typosquatting is the act of purposefully registering a domain name that is a mistype of a popular domain name. It is a concept that has been known and studied for over 15 years,...
Pieter Agten, Wouter Joosen, Frank Piessens, Nick ...
NDSS
2015
IEEE
8 years 8 months ago
P2C: Understanding Output Data Files via On-the-Fly Transformation from Producer to Consumer Executions
—In cyber attack analysis, it is often highly desirable to understand the meaning of an unknown file or network message in the absence of their consumer (i.e. the program that p...
Yonghwi Kwon, Fei Peng, Dohyeong Kim, Kyungtae Kim...
NDSS
2015
IEEE
8 years 8 months ago
Preventing Use-after-free with Dangling Pointers Nullification
—Many system components and network applications are written in languages that are prone to memory corruption vulnerabilities. There have been countless cases where simple mistak...
Byoungyoung Lee, Chengyu Song, Yeongjin Jang, Tiel...
NDSS
2015
IEEE
8 years 8 months ago
SeCReT: Secure Channel between Rich Execution Environment and Trusted Execution Environment
Abstract—ARM TrustZone, which provides a Trusted Execution Environment (TEE), normally plays a role in keeping security-sensitive resources safe. However, to properly control acc...
Jin Soo Jang, Sunjune Kong, Minsu Kim, Daegyeong K...