Concept

Application security

Related publications (10)

WarpAttack: Bypassing CFI through Compiler-Introduced Double-Fetches

Mathias Josef Payer, Flavio Toffalini, Luca Di Bartolomeo, Jianhao Xu

Code-reuse attacks are dangerous threats that attracted the attention of the security community for years. These attacks aim at corrupting important control-flow transfers for taking control of a process without injecting code. Nowadays, the combinations o ...

IEEE COMPUTER SOC2023

MINERVA: Browser API Fuzzing with Dynamic Mod-Ref Analysis

Mathias Josef Payer, Yu Jiang, Chijin Zhou

Browser APIs are essential to the modern web experience. Due to their large number and complexity, they vastly expand the attack surface of browsers. To detect vulnerabilities in these APIs, fuzzers generate test cases with a large amount of random API inv ...

New York2022

RetroWrite: Statically Instrumenting COTS Binaries for Fuzzing and Sanitization

Mathias Josef Payer, Duo Xu

Analyzing the security of closed source binaries is currently impractical for end-users, or even developers who rely on third-party libraries. Such analysis relies on automatic vulnerability discovery techniques, most notably fuzzing with sanitizers enable ...

IEEE COMPUTER SOC2020

Practical Private Range Search in Depth

Odysseas Papapetrou, Ioannis Demertzis

We consider a data owner that outsources its dataset to an untrusted server. The owner wishes to enable the server to answer range queries on a single attribute, without compromising the privacy of the data and the queries. There are several schemes on “pr ...

2018

Practical Private Range Search Revisited

Odysseas Papapetrou, Ioannis Demertzis

2016

Subdomain and Access Pattern Privacy Trading off Confidentiality and Performance

Bin Lu, Thomas Locher, Matus Harvan

Homomorphic encryption and secure multi-party computation enable computations on encrypted data. However, both techniques suffer from a large performance overhead. While advances in algorithms might reduce the overhead, we show that achieving perfect (or e ...

Scitepress2016

Security in distributed metadata catalogues

Nuno Filipe de Sousa Santos

Catalogue services provide the discovery and location mechanisms that allow users and applications to locate data on Grids. Replication is a highly desirable feature in these services, since it provides the scalability and reliability required on large dat ...

2008

On the Security of a Popular Web Submission and Review Software (WSaR) for Cryptology Conferences

Most, if not all, conferences use an online system to handle paper submissions and reviews. Introduction of these systems has significantly facilitated the administration, submission and review process compared to traditional paper-based ones. However, it ...

Springer2007

Excess demand and equilibration in multi-security financial markets: The empirical evidence

Price dynamics are studied in a dataset of more than 11,000 transactions from large-scale financial markets experiments with multiple risky securities. The aim is to determine whether a few simple principles govern equilibration. We first ask whether price ...

2003

Building blocks for secure services

Levente Buttyan

This thesis is concerned with two security mechanisms: authenticated key transport and rational exchange protocols. These mechanisms are potential building blocks in the security architecture of a range of different services. Authenticated key transport pr ...

EPFL2002

Graph Chatbot

Chat with Graph Search

Ask any question about EPFL courses, lectures, exercises, research, news, etc. or try the example questions below.

DISCLAIMER: The Graph Chatbot is not programmed to provide explicit or categorical answers to your questions. Rather, it transforms your questions into API requests that are distributed across the various IT services officially administered by EPFL. Its purpose is solely to collect and recommend relevant references to content that you can explore to help you answer your questions.