Digital Threats: Research and Practice

Developers nowadays have access to an arsenal of toolkits and libraries for rapid application prototyping. However, when an application loads a library, the entirety of that library’s code is mapped into the process address space, even if only a single ...

Gaining reliable arbitrary code execution through the exploitation of memory corruption vulnerabilities is becoming increasingly more difficult in the face of modern exploit mitigations. Facing this challenge, adversaries have started shifting their ...

Despite the deployment of preventive security mechanisms to protect the assets and computing platforms of users, intrusions eventually occur. We propose a novel intrusion survivability approach to withstand ongoing intrusions. Our approach relies on an ...

Apps on modern mobile operating systems can access various system resources with, or without, an explicit user permission. Although the OS generally maintains strict separation between apps, an app can still get access to another app’s private ...

Application processors of modern smartphones use the AT interface for issuing high-level commands (or AT-commands) to the baseband processor for performing cellular network operations (e.g., placing a phone call). Vulnerabilities in this interface can ...

Cookies were originally introduced as a way to provide state awareness to websites, and they are now one of the backbones of the current web. However, their use is not limited to store the login information or to save the current state of user browsing. ...

Flawed TLS certificates are not uncommon on the Internet. While they signal a potential issue, in most cases they have benign causes (e.g., misconfiguration or even deliberate deployment). This adds fuzziness to the decision on whether to trust a ...