CR, Oct 10, 2018
Redirect2Own: Protecting the Intellectual Property of User-uploaded Content through Off-site Indirect Access
Georgios Kontaxis, Angelos D. Keromytis, Georgios Portokalidis
Social networking services have attracted millions of users, including individuals, professionals, and companies, that upload massive amounts of content, such as text, pictures, and video, every day. Content creators retain the intellectual property (IP) rights on the content they share with these networks; however, very frequently they implicitly grant them a sometimes overly broad license to use that content, which enables the services to use it in possibly undesirable ways. For instance, Facebook claims a transferable, sub-licensable, royalty-free, worldwide license on all user-provided content. Professional content creators, like photographers, are particularly affected. In this paper we propose a design for decoupling user data from social networking services without any loss of functionality for the users. Our design suggests that user data are kept off the social networking service, in third parties that enable the hosting of user-generated content under terms of service and overall environment (e.g., a different location) that better suit the user's needs and wishes. At the same time, indirection schemata are seamlessly integrated in the social networking service, without any cooperation from the server side necessary, so that users can transparently access the off-site data just as they would if hosted in-site. We have implemented our design as an extension for the Chrome Web browser, called Redirect2Own, and show that it incurs negligible overhead on accessing 'redirected' content. We offer the extension as free software and its code as an open-source project.
CR, Aug 29, 2017
Tug-of-War: Observations on Unified Content Handling
Theofilos Petsios, Adrian Tang, Dimitris Mitropoulos et al.
Modern applications and Operating Systems vary greatly with respect to how they register and identify different types of content. These discrepancies lead to exploits and inconsistencies in user experience. In this paper, we highlight the issues arising in the modern content handling ecosystem, and examine how the operating system can be used to achieve unified and consistent content identification.
CR, Aug 28, 2017
SlowFuzz: Automated Domain-Independent Detection of Algorithmic Complexity Vulnerabilities
Theofilos Petsios, Jason Zhao, Angelos D. Keromytis et al.
Algorithmic complexity vulnerabilities occur when the worst-case time/space complexity of an application is significantly higher than the respective average case for particular user-controlled inputs. When such conditions are met, an attacker can launch Denial-of-Service attacks against a vulnerable application by providing inputs that trigger the worst-case behavior. Such attacks have been known to have serious effects on production systems, take down entire websites, or lead to bypasses of Web Application Firewalls. Unfortunately, existing detection mechanisms for algorithmic complexity vulnerabilities are domain-specific and often require significant manual effort. In this paper, we design, implement, and evaluate SlowFuzz, a domain-independent framework for automatically finding algorithmic complexity vulnerabilities. SlowFuzz automatically finds inputs that trigger worst-case algorithmic behavior in the tested binary. SlowFuzz uses resource-usage-guided evolutionary search techniques to automatically find inputs that maximize computational resource utilization for a given application.
CR, Feb 25, 2015
The Spy in the Sandbox -- Practical Cache Attacks in Javascript
Yossef Oren, Vasileios P. Kemerlis, Simha Sethumadhavan et al.
We present the first micro-architectural side-channel attack which runs entirely in the browser. In contrast to other works in this genre, this attack does not require the attacker to install any software on the victim's machine -- to facilitate the attack, the victim needs only to browse to an untrusted webpage with attacker-controlled content. This makes the attack model highly scalable and extremely relevant and practical to today's web, especially since most desktop browsers currently accessing the Internet are vulnerable to this attack. Our attack, which is an extension of the last-level cache attacks of Yarom et al., allows a remote adversary to recover information belonging to other processes, other users and even other virtual machines running on the same physical host as the victim web browser. We describe the fundamentals behind our attack, evaluate its performance using a high bandwidth covert channel and finally use it to construct a system-wide mouse/network activity logger. Defending against this attack is possible, but the required countermeasures can exact an impractical cost on other benign uses of the web browser and of the computer.