Skip to search formSkip to main contentSkip to account menu

The Design and Analysis of Graphical Passwords

This work proposes and evaluates new graphical password schemes that exploit features of graphical input displays to achieve better security than text-based passwords and describes the prototype implementation of one of the schemes on a personal digital assistants (PDAs) namely the Palm PilotTM.
View Paper (opens in a new tab)

Just-In-Time Code Reuse: On the Effectiveness of Fine-Grained Address Space Layout Randomization

This paper introduces the design and implementation of a framework based on a novel attack strategy that undermines the benefits of fine-grained ASLR by exploiting the ability to repeatedly abuse a memory disclosure to map an application's memory layout on the fly.
View on IEEE (opens in a new tab)

On User Choice in Graphical Password Schemes

It is shown that permitting user selection of passwords in two graphical password schemes can yield passwords with entropy far below the theoretical optimum and, in some cases, that are highly correlated with the race or gender of the user.
View Paper (opens in a new tab)

Keystroke dynamics as a biometric for authentication

View via Publisher (opens in a new tab)

All Your iFRAMEs Point to Us

The relationship between the user browsing habits and exposure to malware, the techniques used to lure the user into the malware distribution networks, and the different properties of these networks are studied.
View Paper (opens in a new tab)

A multifaceted approach to understanding the botnet phenomenon

This paper attempts to clear the fog surrounding botnets by constructing a multifaceted and distributed measurement infrastructure, which shows that botnets represent a major contributor to unwanted Internet traffic and provides deep insights that may facilitate further research to curtail this phenomenon.
View on ACM (opens in a new tab)

Authentication via keystroke dynamics

  • F. MonroseA. Rubin
  • Computer Science
    Conference on Computer and Communications…
  • 1 April 1997
A database of 42 profiles was constructed based on keystroke patterns gathered from various users performing structured and unstructured tasks, and a toolkit for analyzing system performance under varying criteria is presented.
View on ACM (opens in a new tab)

Isomeron: Code Randomization Resilient to (Just-In-Time) Return-Oriented Programming

This paper conducts a security analysis of a recently proposed fine-grained ASLR scheme and presents a new and hybrid defense approach, dubbed Isomeron, that combines code randomization with execution-path randomization to mitigate conventional ROP and JIT-ROP attacks.
View via Publisher (opens in a new tab)

Stitching the Gadgets: On the Ineffectiveness of Coarse-Grained Control-Flow Integrity Protection

This paper provides the first comprehensive security analysis of various CFI solutions, and shows that with bare minimum assumptions, turing-complete and real-world ROP attacks can still be launched even when the strictest of enforcement policies is in use.
View Paper (opens in a new tab)

Traffic Morphing: An Efficient Defense Against Statistical Traffic Analysis

This paper proposes a novel method for thwarting statistical traffic analysis algorithms by optimally morphing one class of traffic to look like another class, and shows how to optimally modify packets in real-time to reduce the accuracy of a variety of traffic classifiers while incurring much less overhead than padding.
View Paper (opens in a new tab)
...
By clicking accept or continuing to use the site, you agree to the terms outlined in our Privacy Policy (opens in a new tab), Terms of Service (opens in a new tab), and Dataset License (opens in a new tab)