A Call to ARMs: Understanding the Costs and Benefits of JIT Spraying Mitigations

Lian, Wilson; Shacham, Hovav; Savage, Stefan

doi:10.14722/ndss.2017.23108

Cited by 6 publications

(3 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Despite the widespread support and implementation of DNSSEC among top-level domains, studies such as (Chung et al, 2017;Lian et al, 2013;Osterweil et al, 2008;Yang et al, 2011) have found that its adoption has been low, due to factors such as lack of support from local resolvers and server misconfigurations.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

An Analysis on the Implementation of Secure Web-Related Protocols in Portuguese City Councils

2023

IJMCNM

View full text Add to dashboard Cite

The services supporting the websites, both public and private entities, may support security protocols such as HTTPS or DNSSEC. Public and private entities have a responsibility to ensure the security of their online platforms. Entities in the public domain such as city councils provide their services through their websites. However, each city council has its systems, configurations, and IT teams, and this means they have different standings regarding the security protocols supported. This paper analyzes the status of security protocols on Portuguese city council websites, specifically HTTPS and DNSSEC. The study evaluated 308 city council websites using a script developed for the research, and data was collected from the website of Direção Geral das Autarquias Locais (DGAL) on December 14, 2022, and the websites were scanned on December 22, 2022. The results of this assessment reveal that around 97% of city council websites use RSA as their encryption algorithm and around 84% use 2048-bit length keys for digital certificate signing. Furthermore, about 53% of the city council websites are still supporting outdated and potentially insecure SSL/TLS versions, and around 95% of the councils are not implementing DNSSEC in their domains. These results highlight potential areas for improvement in cybersecurity measures and can serve as a baseline to track progress toward improving cybersecurity maturity in Portuguese city councils.

show abstract

Section: Related Workmentioning

confidence: 99%

“…The DNSSEC subsection of this work assesses the use of the DNSSEC protocol by municipal councils in Portugal. Figure 6 of DNSSEC among top-level domains, studies have found that its adoption by lower-level domains, such as municipal councils, has been low (Chung et al, 2017;Lian et al, 2013;Osterweil et al, 2008;Yang et al, 2011).…”

Section: Dnssecmentioning

confidence: 99%

An Analysis on the Implementation of Secure Web-Related Protocols in Portuguese City Councils

2023

IJMCNM

View full text Add to dashboard Cite

show abstract

“…The measurement results are publicly available. 1 Last, (iii) we develop and publish an open source tool with which operators can easily monitor their rollover themselves. 2 The registry of the Brazilian ccTLD .br used this tool to monitor their algorithm rollover in August 2018 [10], following our method.…”

mentioning

confidence: 99%

Rolling With Confidence: Managing the Complexity of DNSSEC Operations

Müller

Chung

Mislove

et al. 2019

IEEE Trans. Netw. Serv. Manage.

View full text Add to dashboard Cite

The domain name system (DNS) is the naming system on the Internet. With the DNS security extensions (DNSSECs) operators can protect the authenticity of their domain using public key cryptography. DNSSEC, however, can be difficult to configure and maintain: operators need to replace keys to upgrade their algorithm, react to security breaches or follow key management policies. These tasks are not trivial. If operators do not time changes to their keys right, caching resolvers may not have access to the correct keys, potentially rendering DNS zones unavailable for minutes or hours. While best current practices give abstract guidelines on how to introduce and withdraw keys, information on how to monitor and control actual rollovers in a live environment is lacking. More specifically, it is challenging for operators to know when to introduce or withdraw keys based on the state of the network. Our main contribution is to help operators answer this question and to address this barrier for deploying DNSSEC. We develop a method with which operators can monitor the replacement of DNSSEC keys, called a rollover. Thereby, they can make confident decisions during the rollover and make sure their zone stays available at all times. We validate the method with an algorithm rollover of the Swedish TLD .se and provide an open source tool with which operators can monitor their rollover themselves.

show abstract

Multilayer ROP Protection Via Microarchitectural Units Available in Commodity Hardware

Tymburiba

Sousa²,

Pereira³

2019

2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)

View full text Add to dashboard Cite

A Call to ARMs: Understanding the Costs and Benefits of JIT Spraying Mitigations

Cited by 6 publications

References 15 publications

An Analysis on the Implementation of Secure Web-Related Protocols in Portuguese City Councils

An Analysis on the Implementation of Secure Web-Related Protocols in Portuguese City Councils

Rolling With Confidence: Managing the Complexity of DNSSEC Operations

Multilayer ROP Protection Via Microarchitectural Units Available in Commodity Hardware

Contact Info

Product

Resources

About