John Aycock

Does domain highlighting help people identify phishing sites

Phishers are fraudsters that mimic legitimate websites to steal users credenfitial information and exploit that information for identity theft and other criminal activities. Various anti-phishing techniques attempt to mitigate such attacks. Domain highlighting is one such approach recently incorporated by several popular web browsers. The idea is simple: the domain name of an address is highlighted in the address bar, so that users can inspect it to determine a web sites legitimacy. Our research asks a basic question: how well does domain highlighting work? To answer this, we showed 22 participants 16 web pages typical of those targeted for phishing attacks, where participants had to determine the pages legitimacy. In the first round, they judged the pages legitimacy by whatever means they chose. In the second round, they were directed specifically to look at the address bar. We found that participants fell into 3 types in terms of how they determined the legitimacy of a web page; while domain highlighting was somewhat effective for one user type, it was much less effective for others. We conclude that domain highlighting, while providing some benefit, cannot be relied upon as the sole method to prevent phishing attacks.

Practical Earley Parsing

Earley’s parsing algorithm isa general algorithm, ableto handleany context-free grammar. As with most parsing algorithms, however, the presence of grammar rules having empty right-hand sides complicates matters. By analyzing why Earley’s algorithm struggles with these grammar rules, we have devised a simple solution to the problem. Our empty-rule solution leads to a new type of finite automaton expressly suited for use in Earley parsers and to a new statement of Earley’s algorithm. We show that this new form of Earley parser is much more time efficient in practice than the original.

Simple Generation of Static Single-Assignment Form

The static single-assignment (SSA) form of a program provides data flow information in a form which makes some compiler optimizations easy to perform. In this paper we present a new, simple method for convertingto SSA form, which produces correct solutions for nonreducible control-flow graphs, and produces minimal solutions for reducible ones. Our timing results show that, despite its simplicity, our algorithm is competitive with more established techniques.

Even faster generalized LR parsing

Abstract. We prove a property of generalized LR (GLR) parsing – if the grammar is without right and hidden left recursions, then the number of consecutive reductions between the shifts of two adjacent symbols cannot be greater than a constant. Further, we show that this property can be used for constructing an optimized version of our GLR parser. Compared with a standard GLR parser, our optimized parser reads one symbol on every transition and performs significantly fewer stack operations. Our timings show that, especially for highly ambiguous grammars, our parser is significantly faster than a standard GLR parser.

ThinAV: truly lightweight mobile cloud-based anti-malware

This paper introduces ThinAV, an anti-malware system for Android that uses pre-existing web-based file scanning services for malware detection. The goal in developing ThinAV was to assess the feasibility of providing real-time anti-malware scanning over a wide area network where resource limitation is a factor. As a result, our research provides a necessary counterpoint to many of the big-budget, resource-intensive idealized solutions that have been suggested in the area of cloud-based security. The evaluation of ThinAV shows that it functions well over a wide area network, resulting in a system which is highly practical for providing anti-malware security on smartphones.

Schrödinger's token

A common problem when writing compilers for programming languages or little, domain‐specific languages is that an input token may have several interpretations, depending on context. Solutions to this problem demand programmer intervention, obfuscate the languages grammar, and may introduce subtle bugs. We present a technique which is simple and without the above drawbacks—allowing a token to simultaneously have different types—and show how it can be applied to areas such as little language processing and fuzzy parsing. We also describe ways that compiler tools can support this technique. Copyright

Faster Generalized LR Parsing

Tomita devised a method of generalized LR (GLR) parsing to parse ambiguous grammars efficiently. A GLR parser uses linear-time LR parsing techniques as long as possible, falling back on more expensive general techniques when necessary.

Kwyjibo: automatic domain name generation

This paper presents a variation of the visitor pattern which allows programmers to write visitor-like code in a concise way. The Runabout is a library extension that adds a limited form of multi-dispatch to Java. While the Runabout is not as expressive as a general multiple dispatching facility, the Runabout can be significantly faster than existing implementations of multiple dispatch for Java, such as MultiJava. Unlike MultiJava, the Runabout does not require changes to the syntax and the compiler. This paper illustrates how to use the Runabout, details its implementation and provides benchmarks comparing its performance with other approaches. Furthermore, the effect of an automatic static program transformation tool that translates bytecode using the Runabout to equivalent bytecode is evaluated. The tool uses double dispatch and runtime-type checks to achieve the same semantics that the Runabout has. The performance comparisons on large benchmarks that make extensive use of multiple dispatch show that using the Runabout does not result in a significant loss of performance for realistic applications and that, depending on the application and platform, small performance gains are also possible. Copyright

Computer Science Security Research and Human Subjects: Emerging Considerations for Research Ethics Boards

This paper explores the growing concerns with computer science research, and in particular, computer security research and its relationship with the committees that review human subjects research. It offers cases that review boards are likely to confront, and provides a context for appropriate consideration of such research, as issues of bots, clouds, and worms enter the discourse of human subjects review.

Quorum sensing and self-stopping worms

Random-scanning worms can be adapted, without a complex overlay control network, to stop their scanning activity once a certain percentage of all vulnerable hosts have been infected. This modification makes a worm more difficult to detect for a defender. This paper examines the theoretical concept of a perfect self-stopping algorithm, and discusses some of the limitations of Ma et al.s Sum-Count-X self-stopping mechanism [7]. An alternative self-stopping mechanism based on the bacterial mechanism of quorum sensing [4] is suggested, and its feasibility is explored via simulation. Possible counter-measures to this new mechanism are also discussed