Zobrazeno 1 - 10
of 139
pro vyhledávání: '"Bos, Herbert"'
Autor:
Pawlowski, Andre, van der Veen, Victor, Andriesse, Dennis, van der Kouwe, Erik, Holz, Thorsten, Giuffrida, Cristiano, Bos, Herbert
Polymorphism and inheritance make C++ suitable for writing complex software, but significantly increase the attack surface because the implementation relies on virtual function tables (vtables). These vtables contain function pointers that attackers
Externí odkaz:
http://arxiv.org/abs/2007.03302
Autor:
Frigo, Pietro, Vannacci, Emanuele, Hassan, Hasan, van der Veen, Victor, Mutlu, Onur, Giuffrida, Cristiano, Bos, Herbert, Razavi, Kaveh
After a plethora of high-profile RowHammer attacks, CPU and DRAM vendors scrambled to deliver what was meant to be the definitive hardware solution against the RowHammer problem: Target Row Refresh (TRR). A common belief among practitioners is that,
Externí odkaz:
http://arxiv.org/abs/2004.01807
In this study, we examine the behavior and profitability of modern malware that mines cryptocurrency. Unlike previous studies, we look at the cryptocurrency market as a whole, rather than just Bitcoin. We not only consider PCs, but also mobile phones
Externí odkaz:
http://arxiv.org/abs/1901.10794
Properly benchmarking a system is a difficult and intricate task. Unfortunately, even a seemingly innocuous benchmarking mistake can compromise the guarantees provided by a given systems security defense and also put its reproducibility and comparabi
Externí odkaz:
http://arxiv.org/abs/1801.02381
Autor:
Isemann, Raphael, Giuffrida, Cristiano, Bos, Herbert, Van Der Kouwe, Erik, Gleissenthall, Klaus Von
Publikováno v:
Isemann, R, Giuffrida, C, Bos, H, Van Der Kouwe, E & Gleissenthall, K V 2023, ' Don't Look UB : Exposing Sanitizer-Eliding Compiler Optimizations ', Proceedings of the ACM on Programming Languages, vol. 7, no. PLDI, 143, pp. 907-927 . https://doi.org/10.1145/3591257
Sanitizers are widely used compiler features that detect undefined behavior and resulting vulnerabilities by injecting runtime checks into programs. For better performance, sanitizers are often used in conjunction with optimization passes. But doing
Externí odkaz:
https://explore.openaire.eu/search/publication?articleId=od______4612::23210d6c83a67610208a082d67a1388c
https://research.vu.nl/en/publications/b285e316-b27c-4ad2-b8d5-2bcaa5a7f4c7
https://research.vu.nl/en/publications/b285e316-b27c-4ad2-b8d5-2bcaa5a7f4c7
Publikováno v:
Barberis, E, Frigo, P, Muench, M, Bos, H & Giuffrida, C 2022, Branch History Injection : On the Effectiveness of Hardware Mitigations Against Cross-Privilege Spectre-v2 Attacks . in Proceedings of the 31st USENIX Security Symposium, Security 2022 . USENIX Association, pp. 971-988, 31st USENIX Security Symposium, Security 2022, Boston, United States, 10/08/22 . < https://www.vusec.net/projects/bhi-spectre-bhb/ >
Proceedings of the 31st USENIX Security Symposium, Security 2022, 971-988
STARTPAGE=971;ENDPAGE=988;TITLE=Proceedings of the 31st USENIX Security Symposium, Security 2022
Proceedings of the 31st USENIX Security Symposium, Security 2022, 971-988
STARTPAGE=971;ENDPAGE=988;TITLE=Proceedings of the 31st USENIX Security Symposium, Security 2022
Branch Target Injection (BTI or Spectre v2) is one of the most dangerous transient execution vulnerabilities, as it allows an attacker to abuse indirect branch mispredictions to leak sensitive information. Unfortunately, it also has proven difficult
Externí odkaz:
https://explore.openaire.eu/search/publication?articleId=dedup_wf_001::3fecc6aa3d6a5e425e45827c7b102b20
http://www.scopus.com/inward/record.url?scp=85128012146&partnerID=8YFLogxK
http://www.scopus.com/inward/record.url?scp=85128012146&partnerID=8YFLogxK
Publikováno v:
Proceedings of the 31st USENIX Security Symposium, Security 2022, 989-1006
STARTPAGE=989;ENDPAGE=1006;TITLE=Proceedings of the 31st USENIX Security Symposium, Security 2022
Tatar, A, Trujillo, D, Giuffrida, C & Bos, H 2022, TLB;DR: Enhancing TLB-based Attacks with TLB Desynchronized Reverse Engineering . in Proceedings of the 31st USENIX Security Symposium, Security 2022 . USENIX Association, pp. 989-1006, 31st USENIX Security Symposium, Security 2022, Boston, United States, 10/08/22 . < https://www.usenix.org/conference/usenixsecurity22/presentation/tatar >
STARTPAGE=989;ENDPAGE=1006;TITLE=Proceedings of the 31st USENIX Security Symposium, Security 2022
Tatar, A, Trujillo, D, Giuffrida, C & Bos, H 2022, TLB;DR: Enhancing TLB-based Attacks with TLB Desynchronized Reverse Engineering . in Proceedings of the 31st USENIX Security Symposium, Security 2022 . USENIX Association, pp. 989-1006, 31st USENIX Security Symposium, Security 2022, Boston, United States, 10/08/22 . < https://www.usenix.org/conference/usenixsecurity22/presentation/tatar >
Translation Lookaside Buffers, or TLBs, play a vital role in recent microarchitectural attacks. However, unlike CPU caches, we know very little about the exact operation of these essential microarchitectural components. In this paper, we introduce TL
Externí odkaz:
https://explore.openaire.eu/search/publication?articleId=dedup_wf_001::cc94506525d74c5a5cb0f32077e52562
http://www.scopus.com/inward/record.url?scp=85135913608&partnerID=8YFLogxK
http://www.scopus.com/inward/record.url?scp=85135913608&partnerID=8YFLogxK
Publikováno v:
Ragab, H, Barberis, E, Bos, H & Giuffrida, C 2021, Rage against the machine clear : A systematic analysis of machine clears and their implications for transient execution attacks . in USENIX Security '21 : Proceedings of the 30th USENIX Security Symposium . USENIX Association, pp. 1451-1468, 30th USENIX Security Symposium, USENIX Security 2021, Virtual, Online, 11/08/21 . < https://www.usenix.org/conference/usenixsecurity21/presentation/ragab >
USENIX Security '21: Proceedings of the 30th USENIX Security Symposium, 1451-1468
STARTPAGE=1451;ENDPAGE=1468;TITLE=USENIX Security '21
USENIX Security '21: Proceedings of the 30th USENIX Security Symposium, 1451-1468
STARTPAGE=1451;ENDPAGE=1468;TITLE=USENIX Security '21
Since the discovery of the Spectre and Meltdown vulnerabilities, transient execution attacks have increasingly gained momentum. However, while the community has investigated several variants to trigger attacks during transient execution, much less at
Externí odkaz:
https://explore.openaire.eu/search/publication?articleId=dedup_wf_001::e83f64af846464788316a94456e1cb5f
https://hdl.handle.net/1871.1/f05cef31-4d89-4196-97c6-eb0cb778cfff
https://hdl.handle.net/1871.1/f05cef31-4d89-4196-97c6-eb0cb778cfff
Publikováno v:
Proceedings of the 29th USENIX Security Symposium, 2289-2306
STARTPAGE=2289;ENDPAGE=2306;TITLE=Proceedings of the 29th USENIX Security Symposium
STARTPAGE=2289;ENDPAGE=2306;TITLE=Proceedings of the 29th USENIX Security Symposium
One of the key questions when fuzzing is where to look for vulnerabilities. Coverage-guided fuzzers indiscriminately optimize for covering as much code as possible given that bug coverage often correlates with code coverage. Since code coverage overa
Externí odkaz:
https://explore.openaire.eu/search/publication?articleId=narcis______::af01742d30fa2f529857f5287cdd489d
https://research.vu.nl/en/publications/9fe10e9e-9e10-4313-ae36-9acbc838b5a5
https://research.vu.nl/en/publications/9fe10e9e-9e10-4313-ae36-9acbc838b5a5