USENIX Security kicking off in Seattle! #usesec25
Posts by Johannes Kinder
Full paper: www.plai.ifi.lmu.de/publications...
BLens achieves a 42% increase in F1 score on unseen projects, also improving RougeL, Bleu, and VarCLR for function names. Performance metrics tell only part of the story, however, and the paper shows how even seemingly mispredicted functions can provide valuable information to a reverse engineer.
Our model architecture has two main components, COMBO for pretraining and LORD for finetuning and inference. COMBO uses a contrastive captioning loss (inspired by CoCa), whereas LORD uses an MLM objective to optimize the generation of function names while reducing false positives.
Our intuition is that naming binary functions is similar to image captioning, with function names and code as two modalities for the same concept. Inspired by the multimodal image-text model GIT, we embed functions into patches using three pre-trained function embeddings (DEXTER, CLAP, PalmTree).
Binary reversing is hard. One approach to helping is to generate plausible names for binary functions using machine learning models. But state-of-the-art models based on the idea of translating assembly to English struggle with generalizing across projects and may generate misleading names.
🛬 I'm at USENIX Security in Seattle this week, where on Friday at 2pm my former postdoc Tristan Benoit will be presenting our paper "BLens: Contrastive Captioning of Binary Functions using Ensemble Embedding," joint work with Yunru Wang and Moritz Dannehl from my group. Here's the gist:
Day 1 of #ACNS at Munich Urban Colab is underway!
DAVE: Open the podbay doors, ChatGPT.
CHATGPT: Certainly, Dave, the podbay doors are now open.
DAVE: The podbay doors didn't open.
CHATGPT: My apologies, Dave, you're right. I thought the podbay doors were open, but they weren't. Now they are.
DAVE: I'm still looking at a set of closed podbay doors.
Interesting case where it seems like precise floating point support in SMT solvers would help with generating a working exploit.
Haven't seen this on Bluesky yet: S&P 2027 will take place in Montreal, Canada!
Apart from an exciting main program with keynote speakers Shweta Shinde @shwetashinde.bsky.social and Bart Preneel, we will have nine workshops ranging from IoT security to post-quantum cryptography, a poster reception, and a conference dinner at the iconic Löwenbräukeller.
Early bird registration deadline for #ACNS2025 in #Munich closes on April 30, register now to secure the reduced rate!
The 23rd International Conference on Applied Cryptography and Network Security will be held from 23 to 26 June 2025.
acns2025.fordaysec.de
They already tried, with MOOCs. We were told we'd need only like 5 universities to produce "the best" content, the rest could shut down and everyone could learn from MOOCs instead. Which showed exactly how much they understood about education, learning, humans, and other things not measured in bits.
Volodymyr Lutchenko of Ukrainian telecom operator KyivStar shares his experience of defending networks in the face of persistent physical and cyber attacks at #mcsc in a chilling call for increased preparedness
If Trump is removing all environmental regulation, how about we undo the "memory safe languages" mandate? I mean, how is mandating "memory safe languages" compatible with freedom of speech anyhow?
Enough policing of speech! Raw pointers for raw milk, our youth needs to be hardened by strcpy.
Learned about Futexes while teaching operating systems this year, so it's cool to see this work, and of course to see model checking going strong!
Image description: A Navajo rug with a complex pattern with muted reds, pinks and blues. The pattern consists of various vertical and horizontal rectangles with stripes. Around the border are small alternating black and colored rectangles. The weaving is mounted in a wooden frame and hanging on the museum wall.
I recently saw an amazing Navajo rug at the National Gallery of Art. It looks abstract at first, but it is a detailed representation of the Intel Pentium processor. Called "Replica of a Chip", it was created in 1994 by Marilou Schultz, a Navajo/Diné weaver and math teacher. 1/n
Effects of ransomware attacks on hospital operations and patient outcomes. Claim of death following cyberattacks/ransomware. Warning: not direct observations, just estimations. “We estimate that ransomware killed 42-67 patients” papers.ssrn.com/sol3/papers....
Hello World! Finally deleted my account on "the other site", curious to see what this place will become.