Using statistical machine learning for making security decisions introduces new vulnerabilities in large scale systems. This paper shows how an adversary can exploit statistical m...
Blaine Nelson, Marco Barreno, Fuching Jack Chi, An...
Cross-site scripting (or XSS) has been the most dominant class of web vulnerabilities in 2007. The main underlying reason for XSS vulnerabilities is that web markup and client-sid...
We show that on both the x86 and ARM architectures it is possible to mount return-oriented programming attacks without using return instructions. Our attacks instead make use of c...
Stephen Checkoway, Lucas Davi, Alexandra Dmitrienk...
— Honeypots are decoys designed to trap, delay, and gather information about attackers. We can use honeypot logs to analyze attackers’ behaviors and design new defenses. A virt...
Xinwen Fu, Wei Yu, Dan Cheng, Xuejun Tan, Kevin St...
The power of side-channel leakage attacks on cryptographic implementations is evident. Today's practical defenses are typically attack-specific countermeasures against certain...