The idea of analyzing consistency of checks on critical variables was first proposed by Son and Shmatikov. ... doi:10.1145/2076021.2048146 fatcat:sho2vfdbujbhdabtb5shr6h5sq
Web applications are vulnerable to semantic attacks such as denial of service due to infinite loops caused by malicious inputs and unauthorized database operations due to missing security checks. Unlike "conventional" threats such as SQL injection and cross-site scripting, these attacks exploit bugs in the logic of the vulnerable application and cannot be discovered using data-flow analysis alone. We give the first characterization of these types of vulnerabilities in PHP applications, develop novel inter-procedural algorithms for discovering them in PHP source code, and implement these algorithms as part of SAFERPHP, a framework for static security analysis of PHP applications. SAFERPHP uncovered multiple, previously unreported vulnerabilities in several popular Web applications. doi:10.1145/2166956.2166964 dblp:conf/pldi/SonS11 fatcat:u5pvzalydnegtkwtcivddc4mje
Lecture Notes in Computer Science
The conventional wisdom has always been that users should refrain from entering their sensitive data (such as usernames, passwords, and credit card numbers) into http (or white) pages, but they can enter these data into https (or yellow) pages. Unfortunately, this assumption is not valid as it became clear recently that, through human mistakes or Phishing or Pharming attacks, a displayed yellow page may not be the same one that the user has intended to request in the first place. In this paper, we propose to add a third class of secure web pages called brown pages. We show that brown pages are more secure than yellow pages especially in face of human mistakes and Phishing and Pharming attacks. Thus users can enter their sensitive data into brown pages without worry. doi:10.1007/978-3-540-89335-6_19 fatcat:7cm2naibqffiblzoz6lufaebxq
Code injection attacks continue to plague applications that incorporate user input into executable programs. For example, SQL injection vulnerabilities rank fourth among all bugs reported in CVE, yet all previously proposed methods for detecting SQL injection attacks suffer from false positives and false negatives. This paper describes the design and implementation of DIGLOSSIA, a new tool that precisely and efficiently detects code injection attacks on server-side Web applications generating SQL and NoSQL queries. The main problems in detecting injected code are (1) recognizing code in the generated query, and (2) determining which parts of the query are tainted by user input. To recognize code, DIGLOSSIA relies on the precise definition due to Ray and Ligatti. To identify tainted characters, DIGLOSSIA dynamically maps all application-generated characters to shadow characters that do not occur in user input and computes shadow values for all input-dependent strings. Any original characters in a shadow value are thus exactly the taint from user input. Our key technical innovation is dual parsing. To detect injected code in a generated query, DIGLOSSIA parses the query in tandem with its shadow and checks that (1) the two parse trees are syntactically isomorphic, and (2) all code in the shadow query is in shadow characters and, therefore, originated from the application itself, as opposed to user input. We demonstrate that DIGLOSSIA accurately detects both SQL and NoSQL code injection attacks while avoiding the false positives and false negatives of prior methods. By recasting the problem of detecting injected code as a string propagation and parsing problem, we gain substantial improvements in efficiency and precision over prior work. Our approach does not require any changes to the databases, Web servers, or Web browsers, adds virtually unnoticeable performance overhead, and is deployable today. doi:10.1145/2508859.2516696 dblp:conf/ccs/SonMS13 fatcat:zqtrbdccw5bs5kwmqzq3n7gsty
Trigger set-based watermarking schemes have gained emerging attention as they provide a means to prove ownership for deep neural network model owners. In this paper, we argue that state-of-the-art trigger set-based watermarking algorithms do not achieve their designed goal of proving ownership. We posit that this impaired capability stems from two common experimental flaws that the existing research practice has committed when evaluating the robustness of watermarking algorithms: (1) incomplete adversarial evaluation and (2) overlooked adaptive attacks. We conduct a comprehensive adversarial evaluation of 10 representative watermarking schemes against six of the existing attacks and demonstrate that each of these watermarking schemes lacks robustness against at least two attacks. We also propose novel adaptive attacks that harness the adversary's knowledge of the underlying watermarking algorithm of a target model. We demonstrate that the proposed attacks effectively break all of the 10 watermarking schemes, consequently allowing adversaries to obscure the ownership of any watermarked model. We encourage follow-up studies to consider our guidelines when evaluating the robustness of their watermarking schemes via conducting comprehensive adversarial evaluation that include our adaptive attacks to demonstrate a meaningful upper bound of watermark robustness. arXiv:2106.10147v1 fatcat:yhhhpgwndzdgheltof6uretd5u
The OpenFlow (OF) switching specification represents an innovative and open standard for enabling the dynamic programming of flow control policies in production networks. Unfortunately, thus far researchers have paid little attention to the development of methods for verifying that dynamic flow policies inserted within an OpenFlow network do not violate the network's underlying security policy. We introduce FLOVER, a model checking system which verifies that the aggregate of flow policies instantiated within an OpenFlow network does not violate the network's security policy. We have implemented FLOVER using the Yices SMT solver, which we then integrated into NOX, a popular OpenFlow network controller. FLOVER provides NOX a formal validation of the OpenFlow network's security posture. doi:10.1109/icc.2013.6654813 dblp:conf/icc/SonSYPG13 fatcat:uifcjesd7vgw7msyft3zoag5jq
The idea of analyzing consistency of checks on critical variables was first proposed by Son and Shmatikov. ... doi:10.1145/2048066.2048146 dblp:conf/oopsla/SonMS11 fatcat:w2gwct5ryng77gborszbqptkva
... s that can directly train prevailing NNLMs. We demonstrate that Montage is capable of generating valid JS tests, and show that it outperforms previous studies in terms of finding vulnerabilities. Montage found 37 real-world bugs, including three CVEs, in the latest JS engines, demonstrating its efficacy in finding JS engine bugs.
DNS cache poisoning is a serious threat to today's Internet. We develop a formal model of the semantics of DNS caches, including the bailiwick rule and trust-level logic, and use it to systematically investigate different types of cache poisoning and to generate templates for attack payloads. We explain the impact of the attacks on DNS resolvers such as BIND, MaraDNS, and Unbound and their implications for several defenses against DNS cache poisoning. doi:10.1007/978-3-642-16161-2_27 fatcat:de64fyqzmvhfrdyrwmvztfy2gy
Proceedings of the ACM Web Conference 2022
Black-box web scanners have been a prevalent means of performing penetration testing to find reflected cross-site scripting (XSS) vulnerabilities. Unfortunately, off-the-shelf black-box web scanners suffer from unscalable testing as well as false negatives that stem from a testing strategy that employs fixed attack payloads, thus disregarding the exploitation of contexts to trigger vulnerabilities. To this end, we propose a novel method of adapting attack payloads to a target reflected XSS vulnerability using reinforcement learning (RL). We present Link, a general RL framework whose states, actions, and a reward function are designed to find reflected XSS vulnerabilities in a black-box and fully automatic manner. Link finds 45, 213, and 60 vulnerabilities with no false positives in Firing-Range, OWASP, and WAVSEP benchmarks, respectively, outperforming state-of-the-art web scanners in terms of finding vulnerabilities and ending testing campaigns earlier. Link also finds 43 vulnerabilities in 12 real-world applications, demonstrating the promising efficacy of using RL in finding reflected XSS vulnerabilities. CCS CONCEPTS • Security and privacy → Web application security. doi:10.1145/3485447.3512234 fatcat:nmy2npjj5jar3hr4lzpuooujca
Binary code similarity analysis (BCSA) is widely used for diverse security applications such as plagiarism detection, software license violation detection, and vulnerability discovery. Despite the surging research interest in BCSA, it is significantly challenging to perform new research in this field for several reasons. First, most existing approaches focus only on the end results, namely, increasing the success rate of BCSA, by adopting uninterpretable machine learning. Moreover, they utilize their own benchmark sharing neither the source code nor the entire dataset. Finally, researchers often use different terminologies or even use the same technique without citing the previous literature properly, which makes it difficult to reproduce or extend previous work. To address these problems, we take a step back from the mainstream and contemplate fundamental research questions for BCSA. Why does a certain technique or a feature show better results than the others? Specifically, we conduct the first systematic study on the basic features used in BCSA by leveraging interpretable feature engineering on a large-scale benchmark. Our study reveals various useful insights on BCSA. For example, we show that a simple interpretable model with a few basic features can achieve a comparable result to that of recent deep learning-based approaches. Furthermore, we show that the way we compile binaries or the correctness of underlying binary analysis tools can significantly affect the performance of BCSA. Lastly, we make all our source code and benchmark public and suggest future directions in this field to help further research. arXiv:2011.10749v3 fatcat:2ejtyrb23fg6fcrlg24rbbsaku
Proceedings 2016 Network and Distributed System Security Symposium
We analyze the software stack of popular mobile advertising libraries on Android and investigate how they protect the users of advertising-supported apps from malicious advertising. We find that, by and large, Android advertising libraries properly separate the privileges of the ads from the host app by confining ads to dedicated browser instances that correctly apply the same origin policy. We then demonstrate how malicious ads can infer sensitive information about users by accessing external storage, which is essential for media-rich ads in order to cache video and images. Even though the same origin policy prevents confined ads from reading other apps' external-storage files, it does not prevent them from learning that a file with a particular name exists. We show how, depending on the app, the mere existence of a file can reveal sensitive information about the user. For example, if the user has a pharmacy price-comparison app installed on the device, the presence of external-storage files with certain names reveals which drugs the user has looked for. We conclude with our recommendations for redesigning mobile advertising software to better protect users from malicious advertising. doi:10.14722/ndss.2016.23407 fatcat:mvgmnyzd75ch7irstgyiloznze