Enabling Reproducibility through the SPHERE Research Infrastructure
SPHERE transforms cybersecurity and privacy research by enabling reproducible, sophisticated experiments, fostering peer review, and accelerating scientific progress.
Authors: Jelena Mirkovic, Brian Kocoloski, David Balenson
Article shepherded by: Rik Farrow
Synthetic Monitoring & End-to-End Testing: Two Sides of the Same Coin
Monitoring-as-code can help to support better communication and collaboration between development, operations, and testing, as well as reduce cost and complexity.
Authors: Carly Richmond
Article shepherded by: Laura Nolan
Sieve: Chaos Testing for Kubernetes Controllers
Ensuring Kubernetes controller correctness and reliability is challenging, and chaos testing can uncover many severe bugs.
Authors: Xudong Sun, Wenqing Luo, Jiawei Tyler Gu, Aishwarya Ganesan, Ramnatthan Alagappan, Michael Gasch, Lalith Suresh, Tianyin Xu
Article shepherded by: Laura Nolan
Gear Shift Hacks: Uncovering the Security Risks of Wireless Technology in Professional Cycling
In the midst of the Tour de France, the race leader faces unexpected gear malfunctions while climbing L’Alpe D’Huez. Is it a mere technical glitch or a sign of high-tech foul play?
Authors: Maryam Motallebighomi, Earlence Fernandes, Aanjhan Ranganathan
Article shepherded by: Rik Farrow
Exploiting Smartphones
Some history of exploiting smartphones, starting with the iPhone, and a description of a paper about Android and Linux kernel defenses and where they are lacking.
Authors: Rik Farrow
Article shepherded by: Rik Farrow
Solving the First-Mile Problem
If side channels are like mind reading, this is mind control. Using lasers to execute arbitrary code.
Authors: Joe Loughry
Article shepherded by: Rik Farrow
Navigating the Kubernetes Odyssey
How ThousandEyes went from running on a bunch of servers in a garage to being a full-fledged, cloud-native, multi-region platform in Kubernetes.
Authors: Raúl Benencia
Article shepherded by: Laura Nolan
Artificial Intelligence and the New Economics of Cyberattacks
A careful examination of the way that AI will affect both attackers and defenders
Authors: Vaibhav Garg, Jayati Dev
Article shepherded by: Rik Farrow
Measuring the Great Firewall's Multi-layered Web Filtering Apparatus
Authors: Nguyen Phong Hoang, Nick Feamster
Article shepherded by: Rik Farrow
Acto: Push-Button End-to-End Testing for Operation Correctness of Kubernetes Operators
Acto is an open-source end-to-end testing tool for correctness in Kubernetes operators.
Authors: Jiawei Tyler Gu, Xudong Sun, Zhen Tang, Chen Wang, Mandana Vaziri, Owolabi Legunsen, Tianyin Xu
Article shepherded by: Laura Nolan
Analysis of USENIX Paper Downloads
An analysis of the millions of paper and presentation downloads occurring in the summer of 2024, and what makes papers more popular.
Authors: Rik Farrow
Consequences of Compliance: The CrowdStrike Outage of 19 July 2024
Taking stock of the largest digital systems outage in history
Authors: Laura Nolan
Article shepherded by: Rik Farrow
Fuzzing BusyBox: Leveraging LLM and Crash Reuse for Embedded Bug Unearthing
Using LLMs to create seeds for fuzzing IoT binaries works well, as does keeping track of crashes occurring during the fuzzing of similar binaries.
Authors: Asmita, Yaroslav Oliinyk, Michael Scott, Ryan Tsang, Chongzhou Fang, Houman Homayoun
Article shepherded by: Rik Farrow
Choose One: Android Performance or Security!
Memory safety security mitigations on Android are undermined by its performance-driven system architecture, affecting even the newly introduced hardened memory allocator.
Authors: Philipp Mao, Mathias Payer
Article shepherded by: Rik Farrow
Data-Only Attacks Are Easier than You Think
Once considered too sophisticated and niche to pose a practical threat, data-only attacks can now be generated automatically with surprising ease.
Authors: Brian Johannesmeyer, Herbert Bos, Cristiano Giuffrida, Asia Slowinska
Article shepherded by: Rik Farrow
An Empirical Study of Rust-for-Linux: The Success, Dissatisfaction, and Compromise
Rust-for-Linux may not be as safe as it seems. We examine current experiences, including the performance of Rust-for-Linux.
Authors: Hongyu Li, Liwei Guo, Yexuan Yang, Shangguang Wang, Mengwei Xu
Article shepherded by: Rik Farrow
Interview with Arnold Robbins
Arnold Robbins has been the maintainer of gawk for over three decades; he has also written or revised more than ten books related to Unix systems.
Authors: Rik Farrow, Arnold Robbins
Article shepherded by: Rik Farrow
Understanding and Improving Web Application Fingerprinting with WASABO
Web application fingerprinting tools can help both defenders and attackers. But how well do they actually work? We tested them in the lab and in the wild.
Authors: Nick Nikiforakis, Brian Kondracki
Article shepherded by: Rik Farrow