Sciweavers

Share
SP
2010
IEEE
192views Security Privacy» more  SP 2010»
10 years 3 months ago
How Good Are Humans at Solving CAPTCHAs? A Large Scale Evaluation
—Captchas are designed to be easy for humans but hard for machines. However, most recent research has focused only on making them hard for machines. In this paper, we present wha...
Elie Bursztein, Steven Bethard, Celine Fabry, John...
SP
2010
IEEE
174views Security Privacy» more  SP 2010»
10 years 3 months ago
HyperSafe: A Lightweight Approach to Provide Lifetime Hypervisor Control-Flow Integrity
— Virtualization is being widely adopted in today’s computing systems. Its unique security advantages in isolating and introspecting commodity OSes as virtual machines (VMs) ha...
Zhi Wang, Xuxian Jiang
SP
2010
IEEE
210views Security Privacy» more  SP 2010»
10 years 3 months ago
Reconciling Belief and Vulnerability in Information Flow
Abstract—Belief and vulnerability have been proposed recently to quantify information flow in security systems. Both concepts stand as alternatives to the traditional approaches...
Sardaouna Hamadou, Vladimiro Sassone, Catuscia Pal...
SP
2010
IEEE
165views Security Privacy» more  SP 2010»
10 years 3 months ago
A Practical Attack to De-anonymize Social Network Users
—Social networking sites such as Facebook, LinkedIn, and Xing have been reporting exponential growth rates. These sites have millions of registered users, and they are interestin...
Gilbert Wondracek, Thorsten Holz, Engin Kirda, Chr...
SP
2010
IEEE
327views Security Privacy» more  SP 2010»
10 years 3 months ago
Side-Channel Leaks in Web Applications: A Reality Today, a Challenge Tomorrow
– With software-as-a-service becoming mainstream, more and more applications are delivered to the client through the Web. Unlike a desktop application, a web application is split...
Shuo Chen, Rui Wang, XiaoFeng Wang, Kehuan Zhang
SP
2010
IEEE
194views Security Privacy» more  SP 2010»
10 years 3 months ago
Identifying Dormant Functionality in Malware Programs
—To handle the growing flood of malware, security vendors and analysts rely on tools that automatically identify and analyze malicious code. Current systems for automated malwar...
Paolo Milani Comparetti, Guido Salvaneschi, Engin ...
SP
2010
IEEE
220views Security Privacy» more  SP 2010»
10 years 3 months ago
TaintScope: A Checksum-Aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection
—Fuzz testing has proven successful in finding security vulnerabilities in large programs. However, traditional fuzz testing tools have a well-known common drawback: they are in...
Tielei Wang, Tao Wei, Guofei Gu, Wei Zou
SP
2010
IEEE
182views Security Privacy» more  SP 2010»
10 years 3 months ago
All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution (but Might Have Been Afraid to Ask)
—Dynamic taint analysis and forward symbolic execution are quickly becoming staple techniques in security analyses. Example applications of dynamic taint analysis and forward sym...
Edward J. Schwartz, Thanassis Avgerinos, David Bru...
SP
2010
IEEE
178views Security Privacy» more  SP 2010»
10 years 3 months ago
Overcoming an Untrusted Computing Base: Detecting and Removing Malicious Hardware Automatically
The computer systems security arms race between attackers and defenders has largely taken place in the domain of software systems, but as hardware complexity and design processes ...
Matthew Hicks, Murph Finnicum, Samuel T. King, Mil...
SP
2010
IEEE
226views Security Privacy» more  SP 2010»
10 years 3 months ago
Chip and PIN is Broken
—EMV is the dominant protocol used for smart card payments worldwide, with over 730 million cards in circulation. Known to bank customers as “Chip and PIN”, it is used in Eur...
Steven J. Murdoch, Saar Drimer, Ross J. Anderson, ...
books