ThinkstScapes Research Roundup - Q3 - 2022

Analyzing the Feasibility and Generalizability of Fingerprinting Internet of Things Devices

Dilawer Ahmed, Anupam Das, and Fareed Zaffar

[Code] [Paper]

Watching the Watchers: Practical Video Identification Attack in LTE Networks

Sangwook Bae, Mincheol Son, Dongkwan Kim, CheolJun Park, Jiho Lee, Sooel Son, and Yongdae Kim

[Website] [Paper] [Video]

Can one hear the shape of a neural network?: Snooping the GPU via Magnetic Side Channel

Henrique Teles Maia, Chang Xiao, Dingzeyu Li, Eitan Grinspun, and Changxi Zheng

[Slides] [Paper]

LTrack: Stealthy Tracking of Mobile Phones in LTE

Martin Kotuliak, Simon Erni, Patrick Leu, Marc Röschlin, and Srdjan Čapkun

[Slides] [Paper]

IRMA's Idemix core: Understanding the crypto behind selective, unlinkable attribute disclosure

Maja Reissner and Sietse Ringers

[Site] [Code] [Video]

CryptPad: a zero knowledge collaboration platform

Ludovic Dubost

[Code] [Video] [Site]

drand: publicly verifiable randomness explained

Yolan Romailler

[Video] [Code]

A dead man’s full-yet-responsible-disclosure system

Yolan Romailler

[Slides] [Code]

Oops... Code Execution and Content Spoofing: The First Comprehensive Analysis of OpenDocument Signatures

Simon Rohlmann, Christian Mainka, Vladislav Mladenov, and Jörg Schwenk

[Slides] [Paper]

My data in your signed code

Alex Ivkin

[Code] [Video]

Can You Trust a File’s Digital Signature? New Zloader Campaign exploits Microsoft’s Signature Verification

Golan Cohen

[Video] [Blog]

TLS-Anvil: Adapting Combinatorial Testing for TLS Libraries

Marcel Maehren, Philipp Nieting, Sven Hebrok, Robert Merget, Juraj Somorovsky, Jörg Schwenk

[Slides] [Website] [Code]

Arbiter: Bridging the Static and Dynamic Divide in Vulnerability Discovery on Binary Programs

Jayakrishna Vadayath, Moritz Eckert, Kyle Zeng, Nicolaas Weideman, Gokulkrishna Praveen Menon, Yanick Fratantonio, Davide Balzarotti, Adam Doupé, Tiffany Bao, Ruoyu Wang, Christophe Hauser, and Yan Shoshitaishvili

[Paper] [Code]

In Need of 'Pair' Review: Vulnerable Code Contributions by GitHub Copilot

Hammond Pearce, Benjamin Tan, Brendan Dolan-Gavitt, and Baleegh Ahmad

[Slides] [Paper]

Catch Me If You Can: Deterministic Discovery of Race Conditions with Fuzzing

Ned Williamson

[Slides] [Code]

Someone’s Been Messing With My Subnormals!

Brendan Dolan-Gavitt

[Blog]

Attacking AAD by abusing the Sync API: The story behind $40K in bounties

Nestori Syynimaa

[Slides] [Code] [Video]

Towards a Tectonic Traffic Shift? Investigating Apple’s New Relay Network

Patrick Sattler , Juliane Aulbach , Johannes Zirngibl , Georg Carle

 [Paper] 

Hiding malware in Docker Desktop's secret virtual machine

Alex Hope

[Blog] [Video]

Let's Dance in the Cache - Destabilizing Hash Table on Microsoft IIS

Orange Tsai

[Slides] [Blog]

Using Trātṛ to tame Adversarial Synchronization

Yuvraj Patel, Chenhao Ye, Akshat Sinha, Abigail Matthews, Andrea C. Arpaci-Dusseau, Remzi H. Arpaci-Dusseau, and Michael M. Swift

[Slides] [Paper]