Security Research

INS Reading Group

We are a reading group on security research. Every two weeks (except summer and winter break), we discuss various papers, share insights, and learn together. Everyone is welcome to join our reading group.

To join the mailing list and receive session announcements, write to mario.lins@ins.jku.at.

Papers

Date Paper Link
A Practical Solution to Systematically Monitor Inconsistencies in SBOM-based Vulnerability Scanners Rosso, M., Jaffar, M. A. J., Brighente, A., & Conti, M.
No Root, No Problem: Automating Linux Least Privilege and Securing Ansible Deployments Billoir, E., Laborde, R., Canavese, D., Rütschlé, Y., Wazan, A. S., & Benzekri, A.
The Decentralisation Paradox in Digital Identity: Centralising Decentralisation with Digital Wallets? Konstantinidis, I., Mavridis, I., & Markakis, E. K.
Hey there! You are using WhatsApp: Enumerating Three Billion Accounts for Security and Privacy Gegenhuber, G. K., Frenzel, P. É., Günther, M., Ullrich, J., & Judmayer, A.
Large-scale online deanonymization with LLMs Lermen, S., Paleka, D., Swanson, J., Aerni, M., Carlini, N., & Tramèr, F.
Zero Knowledge (About) Encryption: A Comparative Security Analysis of Three Cloud-based Password Managers Scarlata, M., Torrisi, G., Backendal, M., & Paterson, K. G.
INVISILINE: Invisible Plausibly-Deniable Storage Pinjala, S. K., Carbunar, B., Chakraborti, A., & Sion, R.
Analysis and Attacks on the Reputation System of Nym Cao, X. A., & Green, M.
Don’t Look Up: There Are Sensitive Internal Links in the Clear on,GEO Satellites Zhang, W. M., Dai, A., Ryan, K., Levin, D., Heninger, N., & Schulman, A.
Be Aware of What You Let Pass: Demystifying URL-based Authentication Bypass Vulnerability in Java Web Applications Zhang, Q., Liu, F., Lin, Z., & Zhang, Y.
Breaking Bad: How Compilers Break Constant-Time Implementations Schneider, M., Lain, D., Puddu, I., Dutly, N., & Capkun, S.
Born with a Silver Spoon: On the (In)Security of Native Granted App Privileges in Custom Android ROMs Wang, C., Zhao, Y., Deng, J., & Wang, H.
Tracking You from a Thousand Miles Away! Turning a Bluetooth Device into an Apple AirTag Without Root Privileges Chen, J., Ma, X., Luo, L., & Zeng, Q.
Amigo: Secure Group Mesh Messaging in Realistic Protest Settings Inyangson, D., Radway, S., Jois, T. M., Fazio, N., & Mickens, J.
Catch-22: Uncovering Compromised Hosts using SSH Public Keys Munteanu, C., Smaragdakis, G., Feldmann, A., & Fiebig, T.