二进制代码分析
安全防护
G.O.S.S.I.P 阅读推荐 2024-01-29 TEESLICE
No Privacy Left Outside: On the (In-)Security of TEE-Shielded DNN Partition for On-Device ML @ IEEE S&P 2024
G.O.S.S.I.P 阅读推荐 2024-01-26
DOPE: DOmain Protection Enforcement with PKS @ ACSAC 2023
Network Security
G.O.S.S.I.P 阅读推荐 2024-02-23 5G-Spector
5G-SPECTOR: An O-RAN Compliant Layer-3 Cellular Attack Detection Service @ NDSS 2024
Web Security
G.O.S.S.I.P 阅读推荐 2024-02-26 寻觅文件劫持漏洞
File Hijacking Vulnerability: The Elephant in the Room @ NDSS 2024
G.O.S.S.I.P 阅读推荐 2024-02-05 WebRR
WEBRR: A Forensic System for Replaying and Investigating Web-Based Attacks in The Modern Web @ USENIX Security 2024
G.O.S.S.I.P 阅读推荐 2023-11-27 Chrowned!
Chrowned by an Extension: Abusing the Chrome DevTools Protocol through the Debugger
API
@ Euro S&P 2023
G.O.S.S.I.P 阅读推荐 2024-02-02 来自浏览器的勒索警告!
RøB: Ransomware over Modern Web Browsers @ USENIX Security 2023
Mobile Security
G.O.S.S.I.P 阅读推荐 2024-03-01 马奇诺防线总在龙年被攻破
Maginot Line: Assessing a New Cross-app Threat to PII-as-Factor Authentication in Chinese Mobile Apps @ NDSS 2024
物联网安全
G.O.S.S.I.P 阅读推荐 2024-01-02 蓝牙安全的“千里江山图”
SoK: The Long Journey of Exploiting and Defending the Legacy of King Harald Bluetooth @ IEEE S&P 2024
G.O.S.S.I.P 阅读推荐 2023-11-22 Your Firmware Has Arrived
Your Firmware Has Arrived: A Study of Firmware Update Vulnerabilities @ USENIX Security 2024
G.O.S.S.I.P 阅读推荐 2023-12-13 LED出卖了你(的key)
Optical Cryptanalysis: Recovering Cryptographic Keys from Power LED Light Fluctuations @ CCS 2023
现实世界的密码学安全问题
G.O.S.S.I.P 阅读推荐 2024-02-19 密码学误用检测工具的误用?
Towards Precise Reporting of Cryptographic Misuses @ NDSS 2024
G.O.S.S.I.P 阅读推荐 2024-01-12 端到端加密APP的注入攻击
Injection Attacks Against End-to-End Encrypted Applications @ IEEE S&P 2024
G.O.S.S.I.P 阅读推荐 2023-11-20 RSA公钥之殇
Passive SSH Key Compromise via Lattices @ CCS 2023
G.O.S.S.I.P 阅读推荐 2024-01-15 大破量子危机
ReSolveD: Shorter Signatures from Regular Syndrome Decoding and VOLE-in-the-Head @ PKC 2024
Revisiting the Constant-sum Winternitz One-time Signature with Applications to SPHINCS+ and XMSS @ CRYPTO 2023
供应链安全
G.O.S.S.I.P 阅读推荐 2024-02-21 危险的VS Code插件
UntrustIDE: Exploiting Weaknesses in VS Code Extensions @ NDSS 2024
AI安全
G.O.S.S.I.P 阅读推荐 2024-01-29 TEESLICE
No Privacy Left Outside: On the (In-)Security of TEE-Shielded DNN Partition for On-Device ML @ IEEE S&P 2024
G.O.S.S.I.P 阅读推荐 2024-01-24 除你防护,夺你模型!
DeMistify: Identifying On-device Machine Learning Models Stealing and Reuse Vulnerabilities in Mobile Apps @ ICSE 2024
G.O.S.S.I.P 阅读推荐 2024-01-22 The Janus Interface
The Janus Interface: How Fine-Tuning in Large Language Models Amplifies the Privacy Risks
G.O.S.S.I.P 阅读推荐 2024-01-17 Crafter
Crafter: Facial Feature Crafting against Inversion-based Identity Theft on Deep Models @ NDSS 2024