shagunattri / papers

papers

Reining in the Web with Content Security Policy

Online Tracking:A 1-million-site Measurement and Analysis

Most Websites Don’t Need to Vibrate:A Cost–Benefit Approach to Improving Browser Security

Protecting Browser State from Web Privacy Attacks

The Geometry of Innocent Flesh on the Bone:Return-into-libc without Function Calls (on the x86)

Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness

Cross-Origin JavaScript Capability Leaks:Detection, Exploitation, and Defense

The Emperor’s New Security IndicatorsAn evaluation of website authenticationand the effect of role playing on usability studies

An Evaluation of Extended Validation andPicture-in-Picture Phishing Attacks

“If HTTPS Were Secure, I Wouldn’t Need 2FA”-End User and Administrator Mental Models of HTTPS"

The Web’s Identity Crisis:Understanding the Effectiveness of Website Identity Indicators

The End is Nigh: Generic Solving of Text-based CAPTCHAs

Recognizing Objects in Adversarial Clutter:Breaking a Visual CAPTCHA

Fantastic Timers and Where to Find Them:High-Resolution MicroarchitecturalAttacks in JavaScript

Protecting Browsers from DNS Rebinding Attacks

Timeless Timing Attacks:Exploiting Concurrency to Leak Secrets over Remote Connection

The Security Architecture of the Chromium Browser

Security vulnerabilities in modern web browser architecture

CSP Is Dead, Long Live CSP! On the Insecurity ofWhitelists and the Future of Content Security Policy

Signing Me onto Your Accounts through Facebook and Google: a Traffic-Guided Security Study of Commercially Deployed Single-Sign-On Web Services

Re: CAPTCHAs – Understanding CAPTCHA-Solving Services in anEconomic Context

A Real-World Analysis of Kerberos Password Security

The science of guessing: analyzing an anonymized corpus of 70 million passwords

The quest to replace passwords:a framework forcomparative evaluation ofWeb authentication schemes

Microsoft Password Guidance

Baggy Bounds Checking: An Efficient and Backwards-Compatible Defenseagainst Out-of-Bounds Errors

Hacking Blind

Heap Bounds Protection with Low Fat Pointers∗

Building Secure High-Performance Web Services with OKWS

Komodo: Using verification to disentanglesecure-enclave hardware from software

Innovative Instructions and Software Model for Isolated Execution

Iago Attacks: Why the System CallAPI is a Bad Untrusted RPC Interface

Rethinking the Library OS from the Top Down

Software Grand Exposure: SGX Cache Attacks Are Practical

Controlled-Channel Attacks: Deterministic SideChannels for Untrusted Operating Systems

Intel SGX Explained

Practical Enclave Malware with Intel SGX

iOS Security iOS 12.3

The Android Platform Security Model

RIDL: Rogue In-Flight Data Load

EXE: Automatically Generating Inputs of Death

A Look Back at Security Problems in the TCP/IP Protocol Suite

The first collision for full SHA-1

A Meaningful MD5 Hash Collision Attack

International Journal of PoC‖GTFOIssue 0x00, a CFP with PoC

Tales of FAVICONS and Caches:Persistent Tracking in Modern Browsers

SapFix: Automated End-to-End Repair at Scale

NPEfix: Automatic Runtime Repair of Null Pointer Exceptions in Java