Patrick McDaniel
A Practical Guideline and Taxonomy to LLVM's Control Flow Integrity
Memory corruption vulnerabilities remain one of the most severe threats to software security. They often allow attackers to achieve arbitrary code execution by redirecting a vulnerable program's control flow. While Control Flow Integrity (…
Efficient Storage Integrity in Adversarial Settings
Storage integrity is essential to systems and applications that use untrusted storage (e.g., public clouds, end-user devices). However, known methods for achieving storage integrity either suffer from high (and often prohibitive) overheads…
On the Robustness Tradeoff in Fine-Tuning
Fine-tuning has become the standard practice for adapting pre-trained models to downstream tasks. However, the impact on model robustness is not well understood. In this work, we characterize the robustness-accuracy trade-off in fine-tunin…
Adversarial Agents: Black-Box Evasion Attacks with Reinforcement Learning
Attacks on machine learning models have been extensively studied through stateless optimization. In this paper, we demonstrate how a reinforcement learning (RL) agent can learn a new class of attack algorithms that generate adversarial sam…
Alignment and Adversarial Robustness: Are More Human-Like Models More Secure?
A small but growing body of work has shown that machine learning models which better align with human vision have also exhibited higher robustness to adversarial examples, raising the question: can human-like perception make models more se…
Deserialization Gadget Chains are not a Pathological Problem in Android: an In-Depth Study of Java Gadget Chains in AOSP
Inter-app communication is a mandatory and security-critical functionality of operating systems, such as Android. On the application level, Android implements this facility through Intents, which can also transfer non-primitive objects usi…
Targeting Alignment: Extracting Safety Classifiers of Aligned LLMs
Alignment in large language models (LLMs) is used to enforce guidelines such as safety. Yet, alignment fails in the face of jailbreak attacks that modify inputs to induce unsafe outputs. In this paper, we introduce and evaluate a new techn…
Err on the Side of Texture: Texture Bias on Real Data
Bias significantly undermines both the accuracy and trustworthiness of machine learning models. To date, one of the strongest biases observed in image classification models is texture bias, where models overly rely on texture information ra…
Prompted Textures Dataset (PTD)
The Prompted Textures Dataset (PTD) is a synthetic texture image dataset consisting of 246,285 images across 56 different texture classes from the work On Synthetic Texture Datasets: Challenges, Creation, and Curation. If you find this dat…
ParTEETor: A System for Partial Deployments of TEEs within Tor
The Tor anonymity network allows users such as political activists and those under repressive governments to protect their privacy when communicating over the internet. At the same time, Tor has been demonstrated to be vulnerable to severa…
On Scalable Integrity Checking for Secure Cloud Disks
Merkle hash trees are the standard method to protect the integrity and freshness of stored data. However, hash trees introduce additional compute and I/O costs on the I/O critical path, and prior efforts have not fully characterized these …
A Public and Reproducible Assessment of the Topics API on Real Data
The Topics API for the web is Google's privacy-enhancing alternative to replace third-party cookies. Results of prior work have led to an ongoing discussion between Google and research communities about the capability of Topics to trade of…
Explorations in Texture Learning
In this work, we investigate texture learning: the identification of textures learned by object classification models, and the extent to which they rely on these textures. We build texture-object associations that uncover new insi…
A New Era in LLM Security: Exploring Security Concerns in Real-World LLM-based Systems
Large Language Model (LLM) systems are inherently compositional, with individual LLM serving as the core foundation with additional layers of objects such as plugins, sandbox, and so on. Along with the great potential, there are also incre…
Characterizing the Modification Space of Signature IDS Rules
Signature-based Intrusion Detection Systems (SIDSs) are traditionally used to detect malicious activity in networks. A notable example of such a system is Snort, which compares network traffic against a series of rules that match known …
Interest-disclosing Mechanisms for Advertising are Privacy-Exposing (not Preserving)
Today, targeted online advertising relies on unique identifiers assigned to users through third-party cookies--a practice at odds with user privacy. While the web and advertising communities have proposed solutions that we refer to as inte…
The Efficacy of Transformer-based Adversarial Attacks in Security Domains
Today, the security of many domains relies on the use of Machine Learning to detect threats, identify vulnerabilities, and safeguard systems from attacks. Recently, transformer architectures have improved the state-of-the-art performance on …
Systematic Evaluation of Geolocation Privacy Mechanisms
Location data privacy has become a serious concern for users as Location Based Services (LBSs) have become an important part of their life. It is possible for malicious parties having access to geolocation data to learn sensitive informati…
Secure and Trustworthy Computing 2.0 Vision Statement
The Secure and Trustworthy Computing (SaTC) program within the National Science Foundation (NSF) program serves as the primary instrument for creating novel fundamental science in security and privacy in the United States with broad impact…
Verifiable Sustainability in Data Centers
Data centers have significant energy needs, both embodied and operational, affecting sustainability adversely. The current techniques and tools for collecting, aggregating, and reporting verifiable sustainability data are vulnerable to cyb…
Securing Cloud File Systems with Trusted Execution
Cloud file systems offer organizations a scalable and reliable file storage solution. However, cloud file systems have become prime targets for adversaries, and traditional designs are not equipped to protect organizations against the myri…
Specializing Neural Networks for Cryptographic Code Completion Applications
Similarities between natural languages and programming languages have prompted researchers to apply neural network models to software problems, such as code generation and repair. However, program-specific characteristics pose unique predi…
Secure IP Address Allocation at Cloud Scale
Public clouds necessitate dynamic resource allocation and sharing. However, the dynamic allocation of IP addresses can be abused by adversaries to source malicious traffic, bypass rate limiting systems, and even capture traffic intended fo…
The Space of Adversarial Strategies
Adversarial examples, inputs designed to induce worst-case behavior in machine learning models, have been extensively studied over the past decade. Yet, our understanding of this phenomenon stems from a rather fragmented pool of knowledge;…
Privacy-Preserving Protocols for Smart Cameras and Other IoT Devices
Millions of consumers depend on smart camera systems to remotely monitor their homes and businesses. However, the architecture and design of popular commercial systems require users to relinquish control of their data to untrusted third pa…