Tag is-paper
16 bookmarks have this tag.
Stuff in Computer Modern font. You know it when you see it.
2024-08-30
Practically-exploitable Cryptographic Vulnerabilities in Matrix
nebuchadnezzar-megolm.github.ioa paper explaining some reasons not to trust Matrix. includes pearls like “a homeserver can silently add user to a E2EE group and decrypt all the following messages and that’s not considered a vulnerability”.
2024-08-21
typedKanren: Statically Typed Relational Programming with Exhaustive Matching in Haskell
arxiv.org/pdf/2408.03170a fun implementation of *Kanren with nice Haskell interoperability. showcases some fun Haskell featues.
2024-08-07
Proquints: Identifiers that are Readable, Spellable, and Pronounceable
arxiv.org/html/0901.4016a fun way to serialize binary data to pronouncable identifiers
2024-06-25
Project REVEAL by Lumen: Analysis of North Korea’s digital control system
www.lumen.global/reveal-reportReport about software found on North Korean smartphones.
2024-05-20
Understanding Real-World Concurrency Bugs in Go
songlh.github.io/paper/go-study.pdfRefinement Proofs in Rust Using Ghost Locks
arxiv.org/pdf/2311.14452Something about tying abstract models to Rust programs, looks useful.
2024-05-14
RFC 9225: Software Defects Considered Harmful
datatracker.ietf.org/doc/html/rfc9225one of my favourite RFCs probably
2024-02-15
How to manipulate curve standards: a white paper for the black hat
bada55.cr.yp.to/bada55-20150927.pdfA paper about choosing “nothing-up-my-sleeve” numbers while having stuff up your sleeve.
2023-11-30
Semantic fuzzing of the Rust compiler and interpreter
ethz.ch/content/dam/ethz/special-interest/infk/inst-pls/plf-dam/documents/StudentProjects/MasterTheses/2023-Andy-Thesis.pdfA very nice paper about fuzzing Rust compiler by generating custom MIR. Found some bugs in both rustc and LLVM, but notably not in Cranelift.
2023-11-28
Efficient Userspace Optimistic Spinning Locks
lpc.events/event/4/contributions/286/attachments/225/398/LPC-2019-OptSpin-Locks.pdfHow to spin before sleeping so that it actually helps and not harms?
2023-11-26
The myrmics memory allocator
citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.1074.2437&rep=rep1&type=pdfA paper about message-passing memory allocator: could be useful for actor systems.
Futexes Are Tricky
dept-info.labri.fr/~denis/Enseignement/2008-IR/Articles/01-futex.pdfDetailed explanation of futexes, including some possible pitfalls.
Workarounds to Computer Access in Healthcare Organizations: You Want My Password or a Dead Patient?
www.cs.dartmouth.edu/~sws/pubs/ksbk15-draft.pdfPaper about how IT in healthcare in general and IT security in particular is done by people who don’t actually use it, listing different problems and workarounds that end up being used in the field.
Sacrificing convenience for security leads you to having neither security nor convenience.
2023-11-25
Optimizing Dynamically-Typed Object-Oriented Languages With Polymorphic Inline Caches
bibliography.selflanguage.org/_static/pics.pdfAbstract: Polymorphic inline caches (PICs) provide a new way to reduce the overhead of polymorphic message sends by extending inline caches to include more than one cached lookup result per call site. For a set of typical object-oriented SELF programs, PICs achieve a median speedup of 11%.
RefinedC: Automating the Foundational Verification of C Code with Refined Ownership Types
plv.mpi-sws.org/refinedc/paper.pdfA Riddle Wrapped in an Enigma
eprint.iacr.org/2015/1018.pdfIn August 2015 the U.S. National Security Agency (NSA) released a major policy statement on the need for post-quantum cryptography (PQC). This announcement will be a great stimulus to the development, standardization, and commercialization of new quantum-safe algorithms. However, certain peculiarities in the wording and timing of the statement have puzzled many people and given rise to much speculation concerning the NSA, elliptic curve cryptography (ECC), and quantum-safe cryptography. Our purpose is to attempt to evaluate some of the theories that have been proposed.