Disagree on Spectre and Meltdown; Jann Horn and Paul Kocher were not infosec academia and were the first discoverers (academia reverse engineered from Linux changes); AFL forks: Not sure whether stringent evaluation will confirm the "more effective" claim. Agreed on Nexmon & RH.
5
1
17
So lots of bad papers come out of infosec academia, but certainly, there is a lot of good stuff coming from academia. With the exception of Spectre/Meltdown, the side channel space is completely dominated by academia. CFI started in academia. etc.
3
1
18
Many things are discovered multiple times
It happens so often that me or my colleagues have a brilliant idea and just in the search for related work discover that someone already had this idea, often under a different terminology. And I consider it a good sign to have ideas that
2
1
7
and what do you do with those discovered related works? bury them and never ever mention them in your own work or give proper credit? as a sidenote, the CCS05 CFI paper references my other work (ASLR), *except* the one that made their work not novel.
2
2
9
thanks for playing, it was neither :). you just shamed pretty much the entire academic CFI crowed.
1
i don't assume, i know for a fact that say @gannimo knew about RAP when he wrote some of his CFI related papers. now what? ;)
Dec 12, 2018 · 9:33 PM UTC
1




