Lmst

The second to last trifecta of #HackerSummerCamp, here is the #DCG201 2024 guide for @usenixassociation, @soups & @wootsecurity: https://defcon201.medium.com/hacker-summer-camp-2024-guides-part-sixteen-usenix-security-trifecta-2024-c0e80833eb2d

#usenix #usenix2024 #usenixsecurity #soups #soups2024 #woot #w00t @defcon @philly2600 @bsidesphilly

I had the pleasure to contribute to Lukas Maar's #USENIX2024 paper "SLUBStick".
SLUBStick elevates limited heap vulnerabilities within the #Linux kernel to arbitrary memory read-and-write primitives, leveraging a timing side channel.
Thanks to Lukas Maar, Martin Unterguggenberger, Mathias Oberhuber and Stefan Mangard for this great opportunity!
Congratulations to Lukas Maar for driving the paper to acceptance at USENIX Security!

You can read the full paper here: https://stefangast.eu/papers/slubstick.pdf

#SLUBStick #Kernel #Linux #KernelSecurity #sidechannel #usenixsecurity #usenixsec

Also looking forward to present #SnailLoad at #USENIX2024.
(3/3)

#usenixsecurity #usenixsec #usenixsecurity

I had the pleasure to contribute to the #USENIX2024 paper "Divide and Surrender", recovering the full secret key from the reference implementation of the HQC Key Encapsulation Mechanism, exploiting a timing side channel arising from non-constant-time modulo operations.
Thanks to Robin Leander Schröder and Qian Guo for this opportunity and congratulations to Robin Leander Schröder for getting his first paper accepted at USENIX Security!

You can read the full paper here: https://stefangast.eu/papers/divide_and_surrender.pdf

#divideandsurrender #hqc #sidechannel #postquantumcrypto #usenixsecurity

A screenshot of the Divide and Surrender paper

I accidentally ended up watching this video again and it is excellent and only become more relevant: https://www.youtube.com/watch?v=ajGX7odA87k&ab_channel=USENIX James Mickens "USENIX Security '18-Q: Why Do Keynote Speakers Keep Suggesting That Improving Security Is Possible?" #AI #CyberSecurity #USENIXSecurity

Ah ha! 422 videos in the #UsenixSecurity 2023 collection. That will take a minute to transcode. 😅

Are you attending @usenixassociation Security 2023 in Anaheim? The @cydcampus is organizing a 🇨🇭 Reception on August 9th at 7 pm. The event will take place right after the Symposium Reception and is conveniently located just a 10 minute walk away.

We invite all our partners, collaborators and extended network to attend. We want to bring together the cybersecurity community with ties to Switzerland, and you will have the opportunity to network with fellow researchers and discuss the latest developments while enjoying some refreshments and the view.

Don't miss the occasion to meet with my colleagues Martin Strohmeier Vincent Lenders and Bernhard Tellenbach! Reach out to anyone of us if you would like an invite!

Looking forward to meet you in Anaheim!

#USENIX #USENIX23 #USENIXsecurity #conference #cyber #security #cyberdefence #networking

Image with the details of the event also contained in the post

#USENIX #USENIXSecurity

New #censorship analysis publication from #GFWReport: https://gfw.report/publications/usenixsecurity23/en/

TL;DR,
1. The mechanism is passive, and is only run on TCP.
2, When censorship is active, packets are dropped only if from the client.
3. Traffic would be exempt if...
* Randomness doesn't exceed 85%.
* At least the first 6 bytes, or over half of the bytes are printable.
* There are at least 20 successive printable bytes.
* The fingerprint matches a TLS or HTTP connection.
4. Iranian censorship closely resembles Chinese censorship.

📢 Our work on automated discovery of memory safety vulnerabilities in Deep Learning (DL) frameworks has been accepted at USENIX Security
2023! Joint work with Neophytos Christou, Di Jin, Vaggelis Atlidakis, and Baishakhi Ray (Columbia) | https://arxiv.org/abs/2209.14921 | https://gitlab.com/brown-ssl/ivysyn | 39 CVEs 😎 🤘 💣 | #ivysyn #brownssl #usenixsecurity #usesec23