Beyond Stack Smashing: Recent Advances in Exploiting Buffer Overruns |
Pincus, Baker |
http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=1324594&url=http%3A%2F%2Fieeexplore.ieee.org%2Fiel5%2F9141%2F29316%2F01324594 |
The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86) |
Shacham |
http://cseweb.ucsd.edu/~hovav/dist/geometry.pdf |
|
|
|
KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs |
Cadar, Dunbar, Engler |
http://llvm.org/pubs/2008-12-OSDI-KLEE.html |
BitBlaze: A New Approach to Computer Security via Binary Analysis |
Song et al. |
http://bitblaze.cs.berkeley.edu/papers/bitblaze_iciss08.pdf |
|
|
|
Control-Flow Integrity - Principles, Implementations, and Applications |
Abadi et al. |
http://users.soe.ucsc.edu/~abadi/Papers/cfi-tissec-revised.pdf |
Intrusion detection via static analysis, |
Wagner and Dean |
http://now.cs.berkeley.edu/~daw/papers/ids-oakland01.pdf |
Container-based operating system virtualization: a scalable, high-performance alternative to hypervisors |
Soltesz et al. |
http://www.cs.princeton.edu/~soltesz/dl-eurosys07/eurosys07.pdf |
|
|
|
Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds, |
Ristenpart et al. |
http://pages.cs.wisc.edu/~rist/papers/cloudsec.html |
|
|
|
AmazonIA: When Elasticity Snaps Back |
Bugiel et al. |
http://www.informatik.tu-darmstadt.de/fileadmin/user_upload/Group_TRUST/PubsPDF/BNPSS11.pdf |
Inferring Internet Denial-of-Service Activity, |
Moore, Voelker, Savage |
http://www.caida.org/publications/papers/2001/BackScatter/usenixsecurity01.pdf |
Accountable Internet Protocol (AIP) |
David G. Andersen et al. |
http://mistlab.csail.mit.edu/papers/aip.pdf |
A look back at Security Problems in the TCP/IP Protocol Suite |
Bellovin |
http://www.cs.columbia.edu/~smb/papers/acsac-ipext.pdf |
Collaborative TCP Sequence Number Inference Attack: How to Crack Sequence Number Under A Second |
Zhiyun Qian, Z. Morley Mao, and Yinglian Xie |
http://research.microsoft.com/apps/pubs/default.aspx?id=168779 |
|
|
|
Tor: The Second-Generation Onion Router |
Dingledine et al. |
http://tor-svn.freehaven.net/anonbib/cache/draft-tor-design-2004.pdf |
Protocol Misidentification Made Easy with Format-Transforming Encryption |
Dyer et al. |
http://eprint.iacr.org/2012/494 |
Robust De-anonymization of Large Sparse Datasets |
Naranyan and Shmatikov |
http://www.cs.utexas.edu/~shmat/shmat_oak08netflix.pdf |
|
|
|
Compromising Electromagnetic Emanations of Wired and Wireless Keyboards |
Vuagnoux, Pasini |
http://infoscience.epfl.ch/record/140523/files/VP09.pdf |
Hiding Information in Flash Memory |
Wang et al. |
http://www.ieee-security.org/TC/SP2013/papers/4977a271.pdf |
Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses. |
Halperin et al. |
http://www.secure-medicine.org/icd-study/icd-study.pdf |
|
|
|
|
|
|
Cookieless Monster:Exploring the Ecosystem of Web-based Device Fingerprinting |
Nick Nikiforakis et all. |
http://www.ieee-security.org/TC/SP2013/papers/4977a541.pdf |
How to Shop for Free Online -- Security Analysis of Cashier-as-a-Service Based Web Stores |
Rui Wang et all. |
http://www.informatics.indiana.edu/xw7/papers/caas-oakland-final.pdf |
|
|
|
|
|
|
|
|
|
|
|
|
Probabilistic encryption |
Goldwasser and Micali |
http://ac.els-cdn.com/0022000084900709/1-s2.0-0022000084900709-main.pdf?_tid=80a27f6e-1513-11e3-84f8-00000aab0f6b&acdnat=1378266105_b4c7e08f68050a2483bfcdab5f137d08 |
Random oracles are practical: A paradigm for designing efficient protocols. |
Bellare and Rogaway |
http://cseweb.ucsd.edu/~mihir/papers/ro.html |
Practice-Oriented Provable Security and the Social Construction of Cryptography |
Rogaway |
http://www.cs.ucdavis.edu/~rogaway/papers/cc.pdf |
The Mix-and-Cut Shuffle: Small-domain Encryption Secure against N Queries |
Ristenpart and Yilek |
http://link.springer.com/chapter/10.1007%2F978-3-642-40041-4_22 |
On the Security of RC4 in TLS and WPA |
AlFardan et al. |
http://www.isg.rhul.ac.uk/tls/RC4biases.pdf |
Counter-cryptanalysis |
Stevens |
http://eprint.iacr.org/2013/358 |
Lest We Remember: Cold Boot Attacks on Encryption Keys |
Halderman, et al |
http://citpsite.s3-website-us-east-1.amazonaws.com/oldsite-htdocs/pub/coldboot.pdf |
|
|
|
|
|
|
|
|
|
|
|
|
Your botnet is my botnet: analysis of a botnet takeover |
Stone-Gross et al. |
http://seclab.cs.ucsb.edu/media/uploads/papers/torpig.pdf |
Click Trajectories: End-to-End Analysis of the Spam Value Chain |
Levchenko et al. |
http://cseweb.ucsd.edu/~savage/papers/Oakland11.pdf |
Impression Fraud in Online Advertising via Pay-Per-View Networks |
Springborn and Barford |
http://www.cs.wisc.edu/~pb/usenix13_final.pdf |