Security papers about software vulnerabilities, exploits and defenses in recent top conferences.
Keywords: memory safety, exploits, attack and defense, script, web security, Android and IoT security.
- Automated Generation of Event-Oriented Exploits in Android Hybrid Apps
- VulDeePecker: A Deep Learning-Based System for Vulnerability Detection
- CFIXX: Object Type Integrity for C++
- K-Miner: Uncovering Memory Corruption in Linux
- Back To The Epilogue: Evading Control Flow Guard via Unaligned Targets
- Enhancing Memory Error Detection for Large-Scale Applications and Fuzz Testing
- SYNODE: Understanding and Automatically Preventing Injection Attacks on NODE.JS
- JavaScript Zero: Real JavaScript and Zero Side-Channel Attacks.
- Compiler-assisted Code Randomization
- Hackers vs. Testers: A Comparison of Software Vulnerability Discovery Processes
- Manipulating Machine Learning: Poisoning Attacks and Countermeasures for Regression Learning
- Protecting the Stack with Metadata Policies and Tagged Hardware
- (European S&P) SoK: Security and Privacy in Machine Learning
- (European S&P) Position-Independent Code Reuse: On the Effectiveness of ASLR in the Absence of Information Disclosure
- SafeInit: Comprehensive and Practical Mitigation of Uninitialized Read Vulnerabilities
- Dachshund: Digging for and Securing (Non-)Blinded Constants in JIT Code
- MARX: Uncovering Class Hierarchies in C++ Programs
- PT-Rand: Practical Mitigation of Data-only Attacks against Page Tables
- ASLR on the Line: Practical Cache Attacks on the MMU
- Unleashing Use-Before-Initialization Vulnerabilities in the Linux Kernel Using Targeted Stack Spraying
- Address Oblivious Code Reuse: On the Effectiveness of Leakage Resilient Diversity
- An Evil Copy: How the Loader Betrays You
- Stack Object Protection with Low Fat Pointers
- Self Destructing Exploit Executions via Input Perturbation
- A Call to ARMs: Understanding the Costs and Benefits of JIT Spraying Mitigations
- SoK: Science, Security, and the Elusive Goal of Security as a Scientific Pursuit
- Stack Overflow Considered Harmful? The Impact of Copy & Paste on Android Application Security
- Your Exploit is Mine: Automatic Shellcode Transplant for Remote Exploits
- Finding and Preventing Bugs in JavaScript Bindings
- Efficient Protection of Path-Sensitive Control Security
- Hacking in Darkness: Return-oriented Programming against Secure Enclaves
- Towards Efficient Heap Overflow Discovery
- Understanding the Mirai Botnet
- FreeGuard: A Faster Secure Heap Allocator
- The Dynamics of Innocent Flesh on the Bone: Code Reuse Ten Years Later
- Capturing Malware Propagations with Code Injections and Code-Reuse Attacks
- Code-reuse attacks for the Web: Breaking Cross-Site Scripting Mitigations via Script Gadgets
- Object Flow Integrity
- PtrSplit: Supporting General Pointers in Automatic Program Partitioning
- How to Make ASLR win the Clone Wars: Runtime Re-Randomization
- Leakage-Resilient Layout Randomization for Mobile Devices
- CrossFire: An Analysis of Firefox Extension-Reuse Vulnerabilities
- You are a Game Bot!: Uncovering Game Bots in MMORPGs via Self-similarity in the Wild
- Protecting C++ Dynamic Dispatch Through VTable Interleaving
- Enforcing Kernel Security Invariants with Data Flow Integrity
- SoK: (State of) The Art of War: Offensive Techniques in Binary Analysis
- Data-Oriented Programming: On the Expressiveness of Non-Control Data Attacks
- A Tough Call: Mitigating Advanced Code-Reuse Attacks at the Binary Level
- Dedup Est Machina: Memory Deduplication as an Advanced Exploitation Vector
- Return to the Zombie Gadgets: Undermining Destructive Code Reads via Code-Inference Attacks
- Undermining Information Hiding (and What to Do about It)
- Poking Holes in Information Hiding
- What Cannot Be Read, Cannot Be Leveraged? Revisiting Assumptions of JIT-ROP Defenses
- CREDAL: Towards Locating a Memory Corruption Vulnerability with Your Core Dump
- Twice the Bits, Twice the Trouble: Vulnerabilities Induced by Migrating to 64-Bit Platforms
- Chainsaw: Chained Automated Workflow-based Exploit Generation
- Build It, Break It, Fix It: Contesting Secure Development
- An In-Depth Study of More Than Ten Years of Java Exploitation
- On Code Execution Tracking via Power Side-Channel
- Error Handling of In-vehicle Networks Makes Them Vulnerable
- Generic Attacks on Secure Outsourced Databases
- Lurking Malice in the Cloud: Understanding and Detecting Cloud Repository as a Malicious Service
- VTint: Protecting Virtual Function Tables’ Integrity
- FreeSentry: Protecting Against Use-After-Free Vulnerabilities Due to Dangling Pointers
- StackArmor: Comprehensive Protection from Stack-based Memory Error Vulnerabilities for Binaries
- Isomeron: Code Randomization Resilient to (Just In Time) Return-Oriented Programming
- Principled Sampling for Anomaly Detection
- Opaque Control-Flow Integrity
- The Devil is in the Constants: Bypassing Defenses in Browser JIT Engines
- Exploiting and Protecting Dynamic Code Generation
- Too LeJIT to Quit: Extending JIT Spraying to ARM
- SoK: Research Perspective and Challenges for Bitcoin and Cryptocurrencies
- Counterfeit Object-oriented Programming: On the Difficulty of Preventing Code Reuse Attacks in C++ Applications
- Readactor: Practical Code Randomization Resilient to Memory Disclosure
- Missing the Point(er): On the Effectiveness of Code Pointer Integrity
- Automatic Inference of Search Patterns for Taint-Style Vulnerabilities
- Compiler-instrumented, Dynamic Secret-Redaction of Legacy Processes for Attacker Deception
- Automatic Generation of Data-Oriented Exploits
- Cracking App Isolation on Apple: Unauthorized Cross-App Resource Access on Mac OS X and iOS
- It's a TRAP: Table Randomization and Protection against Function Reuse Attacks
- Heisenbyte: Thwarting Memory Disclosure Attacks using Destructive Code Reads
- Timely Rerandomization for Mitigating Memory Disclosures
- ASLR-Guard: Stopping Address Space Leakage for Code Reuse Attacks
- Static Detection of Packet Injection Vulnerabilities: A Case for Identifying Attacker-controlled Implicit Information Leaks
- Unearthing Stealthy Program Attacks Buried in Extremely Long Execution Paths
- VCCFinder: Finding Potential Vulnerabilities in Open-Source Projects to Assist Code Audits
- Symbolic Execution of Obfuscated Code
- Control Jujutsu: On the Weaknesses of Fine-Grained Control Flow Integrity
- The Spy in the Sandbox: Practical Cache Attacks in JavaScript and their Implications
Papers involving web security, web technologies, concurrency and program analysis, etc.
- Are these Ads Safe: Detecting Hidden Attacks through the Mobile App-Web Interfaces
- Attack Patterns for Black-Box Security Testing of Multi-Party Web Applications
- It’s Free for a Reason: Exploring the Ecosystem of Free Live Streaming Services
- CrossFire: An Analysis of Firefox Extension-Reuse Vulnerabilities
- Parallel Performance Problems on Shared-Memory Multicore Systems: Taxonomy and Observation
- Probabilistic Model Checking of Regenerative Concurrent Systems
- Dynamic Testing for Deadlocks via Constraints
- Asymptotic Perturbation Bounds for Probabilistic Model Checking with Empirically Determined Probability Parameters
- Model Checking Software with First Order Logic Specifications Using AIG Solvers
- A Lightweight System for Detecting and Tolerating Concurrency Bugs
- Optimal Sanitization Synthesis for Web Application Vulnerability Repair
- Automated and Effective Testing of Web Services for XML Injection Attacks
- ARROW: Automated Repair of Races on Client-Side Web Pages
- DEKANT: A Static Analysis Tool That Learns to Detect Web Application Vulnerabilities
- CSPAutoGen: Black-box Enforcement of Content Security Policy upon Real-world Websites
- Chainsaw: Chained Automated Workflow-based Exploit Generation
- Measurement and Analysis of Private Key Sharing in the HTTPS Ecosystem
- Scalable Thread Sharing Analysis
- Coverage-Driven Test Code Generation for Concurrent Classes
- Finding Security Bugs in Web Applications Using a Catalog of Access Control Patterns
- Feedback-Directed Instrumentation for Deployed JavaScript Applications
- Locking Discipline Inference and Checking
- Hey, You Have a Problem: On the Feasibility of Large-Scale Web Vulnerability Notification
- Tracing Information Flows Between Ad Exchanges Using Retargeted Ads
- Request and Conquer: Exposing Cross-Origin Resource Size
- Trusted Browsers for Uncertain Times
- You've Got Vulnerability: Exploring Effective Vulnerability Notifications
- Internet Jones and the Raiders of the Lost Trackers: An Archaeological Study of Web Tracking from 1996 to 2016
- Inference Attack on Browsing History of Twitter Users Using Public Click Analytics and Twitter Metadata
- Cloak of Visibility: Detecting When Machines Browse a Different Web
- Domain-Z: 28 Registrations Later
- The Cracked Cookie Jar: HTTP Cookie Hijacking and the Exposure of Private Information
- MitM Attack by Name Collision: Cause Analysis and Vulnerability Assessment in the New gTLD Era
- Seeking Nonsense, Looking for Trouble: Efficient Promotional-Infection Detection through Semantic Inconsistency Search
- Automated Reasoning for Web Page Layout
- Ringer: Web Automation by Demonstration
- Understanding and Generating High Quality Patches for Concurrency Bugs
- Flow-Sensitive Composition of Thread-Modular Abstract Interpretation
- Parallel Data Race Detection for Task Parallel Programs with Locks
- Revamping JavaScript Static Analysis via Localization and Remediation of Root Causes of Imprecision
- WATERFALL: An Incremental Approach for Repairing Record-Replay Tests of Web Applications
- A discrete-time feedback controller for containerized cloud applications
- WebRanz: Web Page Randomization for Better Advertisement Delivery and Web-Bot Prevention
- Constraint-Based Event Trace Reduction
- A Deployable Sampling Strategy for Data Race Detection
- CacheOptimizer: Helping Developers Configure Caching Frameworks for Hibernate-Based Database-Centric Web Applications
- Static DOM Event Dependency Analysis for Testing Web Applications
- Atlas: An Intelligent, Performant Framework for Web-Based Grid Computing
- Online Shared Memory Dependence Reduction via Bisectional Coordination
- GreenWeb: Language Extensions for Energy-Efficient Mobile Web Computing
- Precise, Dynamic Information Flow for Database-Backed Applications
- Enabling Reconstruction of Attacks on Users via Efficient Browsing Snapshots
- (Cross-)Browser Fingerprinting via OS and Hardware Level Features
- Fake Co-visitation Injection Attacks to Recommender Systems
- Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web
- A Study of Causes and Consequences of Client-Side JavaScript Bugs
- AutoSense: A Framework for Automated Sensitivity Analysis of Program Data
- A Survey of App Store Analysis for Software Engineering
- Test Execution Checkpointing for Web Applications
- Automated Layout Failure Detection for Responsive Web Pages without an Explicit Oracle
- Testing and Analysis of Web Applications using Page Models
- Deterministic Browser
- Rewriting History: Changing the Archived Web from the Present
- Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse
- Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs
- Hindsight: Understanding the Evolution of UI Vulnerabilities in Mobile Browsers
- Don't Let One Rotten Apple Spoil the Whole Barrel: Towards Automated Detection of Shadowed Domains
- Tail Attacks on Web Applications
- Herding Vulnerable Cats: A Statistical Approach to Disentangle Joint Responsibility for Web Security in Shared Hosting
- Most Websites Don't Need to Vibrate: A Cost-Benefit Approach to Improving Browser Security
- Scalable Anti-Censorship Framework Using Moving Target Defense for Web Servers
- Finding and Evaluating the Performance Impact of Redundant Data Access for Applications Using ORM
- ZenIDS: Introspective Intrusion Detection for PHP Applications
- Statically Checking Web API Requests in JavaScript
- On Cross-stack Configuration Errors
- To Type or Not to Type: Quantifying Preventable Bugs in JavaScript
- RClassify: Classifying Race Conditions in Web Applications via Deterministic Replay
- Diamond: Automating Data Management and Storage for Wide-Area, Reactive Applications
- Kraken: Leveraging Live Traffic Tests to Identify and Resolve Resource Utilization Bottlenecks in Large Scale Web Services
- Canopy: An End-to-End Performance Tracing And Analysis System
- Lazy Diagnosis of In-Production Concurrency Bugs
- The Efficient Server Audit Problem, Deduplicated Re-execution, and the Web
- Pensieve: Non-Intrusive Failure Reproduction for Distributed Systems using the Event Chaining Approach
- Realizing the Fault-Tolerance Promise of Cloud Storage Using Locks with Intent
- Same-Origin Policy: Evaluation in Modern Browsers
- CCSP: Controlled Relaxation of Content Security Policies by Runtime Policy Composition
- Loophole: Timing Attacks on Shared Event Loops in Chrome
- PDF Mirage: Content Masking Attack Against Information-Based Online Services
- Game of Registrars: An Empirical Analysis of Post-Expiration Domain Name Takeovers
- Measuring the Insecurity of Mobile Deep Links of Android
- How the Web Tangled Itself: Uncovering the History of Client-Side Web (In)Security
- Extension Breakdown: Security Analysis of Browsers Extension Resources Control Policies
- Exploring User Perceptions of Discrimination in Online Targeted Advertising
- Generic Soft-Error Detection and Correction for Concurrent Data Structures
- Finding and Preventing Bugs in JavaScript Bindings
- Tapir: Embedding Fork-Join Parallelism into LLVM’s Intermediate Representation
- Model Checking Copy Phases of Concurrent Copying Garbage Collection with Various Memory Models
- Practical Initialization Race Detection for JavaScript Web Applications
- Deadlock Avoidance in Parallel Programs with Futures: Why Parallel Tasks Should Not Wait for Strangers
- Skip Blocks: Reusing Execution History to Accelerate Web Scripts
- Instrumentation Bias for Dynamic Data Race Detection
- A Volatile-by-Default JVM for Server Applications
- Probabilistic Model Checking of Perturbed MDPs with Applications to Cloud Computing
- Thread-Modular Static Analysis for Relaxed Memory Models
- AtexRace: Across Thread and Execution Sampling for In-House Race Detection
- A fast causal profiler for task parallel programs
- Reproducing Concurrency Failures from Crash Stacks
- Craig vs. Newton in Software Model Checking
- Automatic Generation of Inter-Component Communication Exploits for Android Applications
- DESCRY: Reproducing System-Level Concurrency Failures
- Bringing the Web up to Speed with WebAssembly
- Shadow Attacks Based on Password Reuses: A Quantitative Empirical Analysis
- Type Regression Testing to Detect Breaking Changes in Node.js Libraries
- Game of Missuggestions: Semantic Analysis of Search-Autocomplete Manipulations
- JavaScript Zero: Real JavaScript and Zero Side-Channel Attacks
- Riding out DOMsday: Towards Detecting and Preventing DOM Cross-Site Scripting
- SYNODE: Understanding and Automatically Preventing Injection Attacks on NODE.JS
- On Accelerating Source Code Analysis at Massive Scale
- Metamorphic Testing of RESTful Web APIs
- A Survey of Recent Trends in Testing Concurrent Software Systems
- Reviving Sequential Program Birthmarking for Multithreaded Software Plagiarism Detection
- O Single Sign-Off, Where Art Thou? An Empirical Analysis of Single Sign-On Account Hijacking and Session Management on the Web
- Fp-Scanner: The Privacy Implications of Browser Fingerprint Inconsistencies
- Freezing the Web: A Study of ReDoS Vulnerabilities in JavaScript-based Web Servers
- WPSE: Fortifying Web Protocols via Browser-Side Security Monitoring
- A Sense of Time for JavaScript and Node.js: First-Class Timeouts as a Cure for Event Handler Poisoning
- Rampart: Protecting Web Applications from CPU-Exhaustion Denial-of-Service Attacks
- An Empirical Study of Web Resource Manipulation in Real-world Mobile Applications
- Who Left Open the Cookie Jar? A Comprehensive Evaluation of Third-Party Cookie Policies
- NAVEX: Precise and Scalable Exploit Generation for Dynamic Web Applications
- MineSweeper: An In-depth Look into Drive-by Cryptocurrency Mining and Its Defense
- How You Get Bullets in Your Back: A Systematical Study about Cryptojacking in Real-world
- Pride and Prejudice in Progressive Web Apps: Abusing Native App-like Features in Web Applications
- Clock Around the Clock: Time-Based Device Fingerprinting
- Predicting Impending Exposure to Malicious Content from User Behavior
- Mystique: Uncovering Information Leakage from Browser Extensions
- Web’s Sixth Sense: A Study of Scripts Accessing Smartphone Sensors
- Plausible Deniability in Web Search - From Detection to Assessment
- Static Detection of Event-based Races in Android Apps
- Unconventional Parallelization of Nondeterministic Applications
- DATS – Refactoring Access Control Out of Web Applications
- Noria: dynamic, partially-stateful data-flow for high-performance web applications
- Floem: A Programming System for NIC-Accelerated Network Applications
- Orca: Differential Bug Localization in Large-Scale Services
- Fault-Tolerance, Fast and Slow: Exploiting Failure Asynchrony in Distributed Systems
- An Analysis of Network-Partitioning Failures in Cloud Systems
- Study and Mitigation of Origin Stripping Vulnerabilities in Hybrid-postMessage Enabled Mobile Applications
- Mobile Application Web API Reconnaissance: Web-to-Mobile Inconsistencies & Vulnerabilities
- Enumerating Active IPv6 Hosts for Large-scale Security Scans via DNSSEC-signed Reverse Zones
- FP-STALKER: Tracking Browser Fingerprint Evolutions Along Time
- A Formal Treatment of Accountable Proxying over TLS
- Tracking Certificate Misissuance in the Wild
- How not to structure your database-backed web applications: a study of performance bugs in the wild
- Automated Repair of Mobile Friendly Problems in Web Pages
- Prioritizing Browser Environments for Web Application Test Execution
- Compositional Programming and Testing of Dynamic Distributed Systems
- Sound deadlock prediction
- Every Data Structure Deserves Lock-Free Memory Reclamation
- Randomized Testing of Distributed Systems with Probabilistic Guarantees
- Parallelization of Dynamic Languages: Synchronizing Built-in Collections
- What Happens-After the First Race? Enhancing the Predictive Power of Happens-Before Based Dynamic Race Detection
- RacerD: Compositional Static Race Detection
- An empirical study on crash recovery bugs in large-scale distributed systems
- Testing Multithreaded Programs via Thread Speed Control
- CUBA: Interprocedural Context-UnBounded Analysis of Concurrent Programs
- Verifying That Web Pages Have Accessible Layout
- iReplayer: In-situ and Identical Record-and-Replay for Multithreaded Applications
- BLeak: Automatically Debugging Memory Leaks in Web Applications
- Putting in All the Stops: Execution Control for JavaScript
- Systematic Black-Box Analysis of Collaborative Web Applications
- Sensor-Based Mobile Web Cross-Site Input Inference Attacks and Defenses