Swivel: Hardening WebAssembly against Spectre, Shravan Narayan, Craig Disselkoen, Daniel Moghimi, Sunjay Cauligi, Evan Johnson, Zhao Gang, Anjo Vahldiek-Oberwagner, Ravi Sahita, Hovav Shacham, Dean Tullsen, and Deian Stefan,
Proceedings of the USENIX Security Symposium, Vancouver, B.C., Canada, August 2021.
Jetset: Targeted Firmware Rehosting for Embedded Systems, Evan Johnson, Maxwell Bland, Yifei Zhu, Joshua Mason, Stephen Checkoway, Stefan Savage, and Kirill Levchenko,
Proceedings of the USENIX Security Symposium, Vancouver, B.C., Canada, August 2021.
Can Systems Explain Permissions Better? Understanding Users' Misperceptions under Smartphone Runtime Permission Model, Bingyu Shen, Lili Wei, Chengcheng Xiang, Yudong Wu, Mingyao Shen, Yuanyuan Zhou, and Xinxin Jin,
Proceedings of the USENIX Security Symposium, Vancouver, B.C., Canada, August 2021.
CoResident Evil: Covert Communications in the Cloud with Lambdas, Anil Yelam, Ariana Mirian, Keerthana Ganesan, Shibani Subbareddy, and Stefan Savage,
Proceedings of the Web Conference (WWW), Ljubljana, Solvenia, arp 2021.
Clairvoyance: Inferring Blocklist Use on the Internet, Vector Guo Li, Gautam Akiwate, Kirill Levchenko, Geoffrey M. Voelker, and Stefan Savage,
Proceedings of the Passive and Active Measurement Conference (PAM), Brandenburg, Germany, March 2021.
Diogenes: Lightweight Scalable RSA Modulus Generation with a Dishonest
Majority, Megan Chen, Carmit Hazay, Yuval Ishai, Yuriy Kashnikov, Daniele Micciancio, Tarik Riviere, Abhi Shelat, Muthuramakrishnan Venkitasubramaniam, and Ruihan Wang,
Proceedings of the IEEE Symposium on Security and Privacy, San Francisco, CA, May 2021.
Доверя́й, но проверя́й: SFI safety for native-compiled Wasm, Evan Johnson, David Thien, Yousef Alhessi, Shravan Narayan, Fraser Brown, Sorin Lerner, Tyler McMullen, Stefan Savage, and Deian Stefan,
Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2021.
Automatically Eliminating Speculative Leaks from CryptograpHic Code with Blade, Marco Vassena, Craig Disselkoen, Klaus v. Gleissenthall, Sunjay Cauligi, Rami G¨okhan Kic, Ranjit Jhala, Dean Tullsen, and Deian Stefan,
Proceedings of the ACM SIGPLAN Symposium on Principles of Programming Languages, Internet, January 2021. (Distinguished paper).
The Road to Less Trusted Code: Lowering the Barrier to In-Process Sandboxing, Tal Garfinkel, Shravan Narayan, Craig Disselkoen, Hovav Shacham, and Deian Stefan,
USENIX ;login: 45(5), December 2020.
Unresolved Issues: Prevalence, Persistence and Perils of Lame Nameservers, Gautam Akiwate, Raffaele Sommese, Mattijs Jonker, Ian Foster, Stefan Savage, Geoffrey M. Voelker, and kc Claffy,
Proceedings of the ACM Internet Measurement Conference, Pittsburgh, Pennsylvania (via the Internet), October 2020.
Trufflehunter: Cache Sniffing Rare Domains at Large Public DNS Resolvers, Audrey Randall, Enze Liu, Gautam Akiwate, Ramakrishna Padmanabhan, Stefan Savage, Geoffrey M. Voelker, and Aaron Schulman,
Proceedings of the ACM Internet Measurement Conference, Pittsburgh, Pennsylvania (via the Internet), October 2020.
Comparing the Difficulty of Factorization and Discrete Logarithm:
A 240-Digit Experiment, Fabrice Boudot, Pierrick Gaudry, Aurore Guillevic, Nadia Heninger, Emmanuel Thom´e, and Paul Zimmermann,
Proceedings of Crypto 2020, Santa Barbara, CA, August 2020.
Liquid Information Flow Control, Nadia Polikarpova, Deian Stefan, Jean Yang, Shachar Itzhaky, Travis Hance, and Armando Solar-Lezama,
Proceedings of International Conference on Functional Programming, August 2020. (Distinguished paper).
TPM-FAIL: TPM meets Timing and Lattice Attacks, Daniel Moghimi, Berk Sunar, Thomas Eisenbarth, and Nadia Heninger,
Proceedings of the USENIX Security Symposium, August 2020.
CopyCat: Controlled Instruction-Level Attacks on Enclaves, Daniel Moghimi, Jo Van Bulck, Nadia Heninger, Frank Piessens, and Berk Sunar,
Proceedings of the USENIX Security Symposium, August 2020.
Sys: a Static/Symbolic Tool for Finding Good Bugs in Good (Browser) Code, Fraser Brown, Deian Stefan, and Dawson Engler,
Proceedings of the USENIX Security Symposium, August 2020.
Retrofitting Fine Grain Isolation in the Firefox Renderer, Shravan Narayan, Craig Disselkoen, Tal Garfinkel, Nathan Froyd, Eric Rahm, Sorin Lerner, Hovav Shacham, and Deian Stefan,
Proceedings of the USENIX Security Symposium, August 2020. (Distinguished paper).
Exploring Connections Between Active Learning and Model Extraction, Varun Chandrasekaran, Kamalika Chaudhuri, Irene Giacomelli, Somesh Jha, and Songbai Yan,
Proceedings of the USENIX Security Symposium, August 2020.
Towards a verified range analysis for JavaScript JITs, Fraser Brown, John Renner, Andres Nöetzli, Sorin Lerner, Hovav Shacham, and Deian Stefan,
Proceedings of the ACM SIGPLAN Conference onProgramming Language Design and Implementation (PLDI), June 2020.
Constant-time foundations for the new Spectre era, Sunjay Cauligi, Craig Disselkoen, Klaus von Gleissenthall, Dean Tullsen, Deian Stefan, Tamara Rezk, and Gilles Barthe,
Proceedings of the ACM SIGPLAN Conference onProgramming Language Design and Implementation (PLDI), June 2020.
Understanding Memory and Thread Safety Practices and Issues in Real-World Rust Programs, Boqin Qin, Yilun Chen, Zeming Yu, Linhai Song, and Yiying Zhang,
Proceedings of the ACM SIGPLAN Conference onProgramming Language Design and Implementation (PLDI), June 2020. (The first two authors contributed equally.).
Properties of constacyclic codes under the Schur product, Brett Hemenway Falk, Nadia Heninger, and Michael Rudow,
Designs, Codes, and Cryptography 88(6), June 2020.
Improved Discrete Gaussian and Subgaussian Analysis for Lattice Cryptography, Nicholas Genise, Daniele Micciancio, Chris Peikert, and Michael Walter,
Proceedings of PKC 2020, June 2020.
Pseudorandom Black Swans: Cache Attacks on CTRDRBG, Shaanan Cohney, Andrew Kwong, Shahar Paz, Daniel Genkin, Nadia Heninger, Eyal Ronen, and Yuval Yarom,
Proceedings of the IEEE Symposium on Security and Privacy, May 2020.
Packet Chasing: Spying on Network Packets over a Cache Side-Channel, Mohammadkazem Taram, Ashish Venkat, and Dean M. Tullsen,
Proceedings of ACM/IEEE Annual International Symposium on Computer Architecture,
ISCA 2020, May 2020.
Separate Your Domains: NIST PQC KEMs, Oracle Cloning and Read-Only
Indifferentiability, Mihir Bellare, Hannah Davis, and Felix Günther,
Proceedings of Eurocrypt 2020, Virtual, May 2020.
Security Under Message-Derived Keys: Signcryption in iMessage, Mihir Bellare and Igors Stepanovs,
Proceedings of Eurocrypt 2020, Virtual, May 2020.
Shredder: Learning Noise Distributions to Protect Inference Privacy, Fatemehsadat Mireshghallah, Mohammadkazem Taram, Prakash Ramrakhyani, Ali Jalali, Dean M. Tullsen, and Hadi Esmaeilzadeh,
Proceedings of Architectural Support for Programming Languages and
Operating Systems (ASPLOS) 2020, April 2020.
Dark Matter: Uncovering the DarkComet RAT Ecosystem, Brown Farinholt, Mohammad Rezaeirad, Damon McCoy, and Kirill Levchenko,
Proceedings of The Web Conference (WWW), Taipei, Taiwan, April 2020.