HACKER SUMMER CAMP 2024 GUIDES — Part Sixteen: USENIX Security Trifecta 2024

Welcome to the DCG 201 Guides for Hacker Summer Camp 2024! This is part of a series where we are going to cover all the various hacker conventions and shenanigans both In-Person & Digital! This year…

Medium

I had the pleasure to contribute to Lukas Maar's #USENIX2024 paper "SLUBStick".
SLUBStick elevates limited heap vulnerabilities within the #Linux kernel to arbitrary memory read-and-write primitives, leveraging a timing side channel.
Thanks to Lukas Maar, Martin Unterguggenberger, Mathias Oberhuber and Stefan Mangard for this great opportunity!
Congratulations to Lukas Maar for driving the paper to acceptance at USENIX Security!

You can read the full paper here: https://stefangast.eu/papers/slubstick.pdf

#SLUBStick #Kernel #Linux #KernelSecurity #sidechannel #usenixsecurity #usenixsec

Also looking forward to presenting #SnailLoad at #USENIX2024.
(3/3)

#usenixsecurity #usenixsec #usenixsecurity

I had the pleasure to contribute to the #USENIX2024 paper "Divide and Surrender", recovering the full secret key from the reference implementation of the HQC Key Encapsulation Mechanism, exploiting a timing side channel arising from non-constant-time modulo operations.
Thanks to Robin Leander Schröder and Qian Guo for this opportunity and congratulations to Robin Leander Schröder for getting his first paper accepted at USENIX Security!

You can read the full paper here: https://stefangast.eu/papers/divide_and_surrender.pdf

#divideandsurrender #hqc #sidechannel #postquantumcrypto #usenixsecurity

I accidentally ended up watching this video again and it is excellent and has only become more relevant: https://www.youtube.com/watch?v=ajGX7odA87k&ab_channel=USENIX James Mickens "USENIX Security '18-Q: Why Do Keynote Speakers Keep Suggesting That Improving Security Is Possible?" #AI #CyberSecurity #USENIXSecurity
Ah ha! 422 videos in the #UsenixSecurity 2023 collection. That will take a minute to transcode. 😅

Are you attending @usenixassociation Security 2023 in Anaheim? The @cydcampus is organizing a 🇨🇭 Reception on August 9th at 7 pm. The event will take place right after the Symposium Reception and is conveniently located just a 10 minute walk away.

We invite all our partners, collaborators and extended network to attend. We want to bring together the cybersecurity community with ties to Switzerland, and you will have the opportunity to network with fellow researchers and discuss the latest developments while enjoying some refreshments and the view.

Don't miss the occasion to meet with my colleagues Martin Strohmeier, Vincent Lenders and Bernhard Tellenbach! Reach out to any one of us if you would like an invite!

Looking forward to meeting you in Anaheim!

#USENIX #USENIX23 #USENIXsecurity #conference #cyber #security #cyberdefence #networking

Want To Burglarize A House With Impunity, Then Nickle-And-Dime The Restitution? It Helps To Be A Bank. | Popehat

One common criticism of the libertarian ethos is that if we reduce government control over society, big business will have unchecked power over our lives, so that we will merely be trading one type of control for another. But concern with corporate power is not inconsistent with libertarianism, as Clark illustrated in his post on

📢 Our work on automated discovery of memory safety vulnerabilities in Deep Learning (DL) frameworks has been accepted at USENIX Security 2023! Joint work with Neophytos Christou, Di Jin, Vaggelis Atlidakis, and Baishakhi Ray (Columbia) | https://arxiv.org/abs/2209.14921 | https://gitlab.com/brown-ssl/ivysyn | 39 CVEs 😎 🤘 💣 | #ivysyn #brownssl #usenixsecurity #usesec23
IvySyn: Automated Vulnerability Discovery in Deep Learning Frameworks

We present IvySyn, the first fully-automated framework for discovering memory error vulnerabilities in Deep Learning (DL) frameworks. IvySyn leverages the statically-typed nature of native APIs in order to automatically perform type-aware mutation-based fuzzing on low-level kernel code. Given a set of offending inputs that trigger memory safety (and runtime) errors in low-level, native DL (C/C++) code, IvySyn automatically synthesizes code snippets in high-level languages (e.g., in Python), which propagate error-triggering input via high(er)-level APIs. Such code snippets essentially act as "Proof of Vulnerability", as they demonstrate the existence of bugs in native code that an attacker can target through various high-level APIs. Our evaluation shows that IvySyn significantly outperforms past approaches, both in terms of efficiency and effectiveness, in finding vulnerabilities in popular DL frameworks. Specifically, we used IvySyn to test TensorFlow and PyTorch. Although still an early prototype, IvySyn has already helped the TensorFlow and PyTorch framework developers to identify and fix 61 previously-unknown security vulnerabilities, and assign 39 unique CVEs.

arXiv.org
A cloaking tool is meant to manipulate photos, imperceptibly to human viewers, so that facial recognition systems fail on them.
Distortion algorithm Fawkes aims to prevent facial recognition
#ClearviewAI #Fawkes #Gesichtserkennung #KünstlicheIntelligenz #OpenSource #UsenixSecurity

heise online