Communications of the ACM Security
The latest news, opinion and research in security, from Communications online.
- Exploiting Cross-Layer Vulnerabilities: Off-Path Attacks on the TCP/IP Protocol Suite, by Xuewei Feng on February 21, 2025 at 3:02 pm
An investigation of vulnerabilities within the TCP/IP protocol suite that can be exploited by forged ICMP errors.
- A Glimpse Into the Pandora’s Box, by Jack West on February 20, 2025 at 8:42 pm
A combination of safety measures and safety labels should be developed and employed on how AI models in applications analyze camera frames in real time.
- R2T: Instance-Optimal Truncation for Differentially Private Query Evaluation with Foreign Keys, by Wei Dong on February 20, 2025 at 5:20 pm
The first DP mechanism for answering arbitrary SPJA queries in a database with foreign-key constraints.
- Technical Perspective: Toward Building a Differentially Private DBMS, by Graham Cormode on February 20, 2025 at 5:18 pm
The paper is an important step toward automatically ensuring privacy for arbitrary computations.
- AI Agents: Automation is Not Enough, by Shanmugam Sudalaimuthu on January 31, 2025 at 5:54 pm
AI Agents adapt to changes, learn from feedback, and can act autonomously or in collaboration with humans or other agents.
- The Infamous Infostealers, by David Geer on January 31, 2025 at 5:33 pm
Infostealers have been siphoning sensitive data for more than 16 years, since the first banking Trojan stole usernames and passwords.
- It Is Time to Standardize Principles and Practices for Software Memory Safety, by Robert N. M. Watson on January 22, 2025 at 3:09 pm
Memory-safety standardization is an essential step to promoting universal strong memory safety in government and industry, and to ensure access to more secure software for all.
- Questioning the Criteria for Evaluating Non-Cryptographic Hash Functions, by Catherine Hayes on January 15, 2025 at 3:14 pm
There seems to be a gap in how cryptographic and non-cryptographic hash functions are designed.
- Building on Shaky Ground, by George V. Neville-Neil on January 13, 2025 at 8:49 pm
It simply is not appropriate to write code that will be connected to the Internet in an unsafe language such as C.
- How Software Bugs led to ‘One of the Greatest Miscarriages of Justice’ in British History, by Mark Halper on January 8, 2025 at 5:57 pm
Bad coding and bad testing characterize the software that led to wrongful convictions, financial ruin, and four suicides.