
Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security: latest publications

Binary Analysis for Autonomous Hacking: Invited Abstract
G. Vigna
Despite the rise of interpreted languages and the World Wide Web, binary analysis has remained the focus of much research in computer security. There are several reasons for this. First, interpreted languages are either interpreted by binary programs or Just-In-Time compiled down to binary code. Second, "core" OS constructs and performance-critical applications are still written in languages (usually C or C++) that compile down to binary code. Third, the rise of the Internet of Things is powered by devices that are, in general, very resource-constrained. Without cycles to waste on interpretation or Just-In-Time compilation, the firmware of these devices tends to be written in languages (again, usually C) that compile to binary. Unfortunately, many of these languages provide few security guarantees, often leading to vulnerabilities. For example, buffer overflows stubbornly remain one of the most commonly discovered software flaws despite efforts to develop technologies to mitigate such vulnerabilities. Worse, the wider class of memory corruption vulnerabilities, the vast majority of which also stem from the use of unsafe languages, makes up a substantial portion of the most common vulnerabilities. This problem is not limited to software on general-purpose computing devices: remotely exploitable vulnerabilities have been discovered in devices ranging from smart locks, to pacemakers, to automobiles. However, finding vulnerabilities in binaries and generating patches that fix exploitable flaws is challenging because of the lack of high-level abstractions, such as type information and control flow constructs. Current approaches provide tools to support the manual analysis of binaries, but are far from being completely automated solutions to the vulnerability analysis of binary programs. To foster research in automated binary analysis, in October of 2013, DARPA announced the DARPA Cyber Grand Challenge (CGC).
Like DARPA Grand Challenges in other fields (such as robotics and autonomous vehicles), the CGC pits teams from around the world against each other in a competition in which the participants are autonomous systems. During the CGC competition, these systems must identify, exploit, and patch vulnerabilities in binary programs, without any human in the loop. Millions of dollars in prize money were announced: the top 7 teams to complete the CGC Qualifying Event (held in June 2015) received 750,000 USD, and the top 3 teams in the CGC Final Event (held in August 2016) will receive 2,000,000 USD, 1,000,000 USD, and 750,000 USD, respectively. The Shellphish hacking team is one of the qualified teams. This talk presents some insights into the field of automated binary analysis, exploitation, and patching, gained through participation in the CGC competition. In addition, the talk discusses the use of competitions to foster both research and education, based on the experience of designing and running a large-scale live security hacking competition (called iCTF) over the past 13 years.
DOI: https://doi.org/10.1145/2897845.2901788 | Published: 2016-05-30
Citations: 0
CICADAS: Congesting the Internet with Coordinated and Decentralized Pulsating Attacks
Yu-Ming Ke, Chih-Wei Chen, H. Hsiao, A. Perrig, V. Sekar
This study stems from the premise that we need to break away from the "reactive" cycle of developing defenses against new DDoS attacks (e.g., amplification) by proactively investigating the potential for new types of DDoS attacks. Our specific focus is on pulsating attacks, a particularly debilitating type that has been hypothesized in the literature. In a pulsating attack, bots coordinate to generate intermittent pulses at target links to significantly reduce the throughput of TCP connections traversing the target. With pulsating attacks, attackers can cause significantly greater damage to legitimate users than traditional link flooding attacks. To date, however, pulsating attacks have been either deemed ineffective or easily defendable for two reasons: (1) they require a central coordinator and can thus be tracked; and (2) they require tight synchronization of pulses, which is difficult even in normal non-congestion scenarios. This paper argues that the perceived drawbacks of pulsating attacks are in fact not fundamental. We develop a practical pulsating attack called CICADAS using two key ideas: (1) congestion as an implicit signal for decentralized implementation, and (2) a Kalman-filter-based approach to achieve tight synchronization. We validate CICADAS using simulations and wide-area experiments. We also discuss possible countermeasures against this attack.
DOI: https://doi.org/10.1145/2897845.2897866 | Published: 2016-05-30
Citations: 15
Data Exfiltration in the Face of CSP
S. Acker, Daniel Hausknecht, A. Sabelfeld
Cross-site scripting (XSS) attacks keep plaguing the Web. Supported by most modern browsers, Content Security Policy (CSP) prescribes the browser to restrict the features and communication capabilities of code on a web page, mitigating the effects of XSS. This paper puts a spotlight on the problem of data exfiltration in the face of CSP. We bring attention to the unsettling discord in the security community about the very goals of CSP when it comes to preventing data leaks. As consequences of this discord, we report on insecurities in the known protection mechanisms that are based on assumptions about CSP that turn out not to hold in practice. To illustrate the practical impact of the discord, we perform a systematic case study of data exfiltration via DNS prefetching and resource prefetching in the face of CSP. Our study of the popular browsers demonstrates that it is often possible to exfiltrate data by both resource prefetching and DNS prefetching in the face of CSP. Further, we perform a crawl of the top 10,000 Alexa domains to report on the cohabitance of CSP and prefetching in practice. Finally, we discuss directions to control data exfiltration and, for the case study, propose measures ranging from immediate fixes for the clients to prefetching-aware extensions of CSP.
DOI: https://doi.org/10.1145/2897845.2897899 | Published: 2016-05-30
Citations: 19
Publicly Verifiable Secure Cloud Storage for Dynamic Data Using Secure Network Coding
Binanda Sengupta, S. Ruj
Cloud service providers offer storage outsourcing facilities to their clients. In a secure cloud storage (SCS) protocol, the integrity of the client's data is maintained. In this work, we construct a publicly verifiable secure cloud storage protocol based on a secure network coding (SNC) protocol where the client can update the outsourced data as needed. To the best of our knowledge, our scheme is the first SNC-based SCS protocol for dynamic data that is secure in the standard model and provides privacy-preserving audits in a publicly verifiable setting. Furthermore, we discuss in detail the (im)possibility of providing a general construction of an efficient SCS protocol for dynamic data (DSCS protocol) from an arbitrary SNC protocol. In addition, we modify an existing DSCS scheme (DPDP I) in order to support privacy-preserving audits. We also compare our DSCS protocol with other SCS schemes (including the modified DPDP I scheme). Finally, we point out some limitations of an SCS scheme constructed using an SNC protocol.
DOI: https://doi.org/10.1145/2897845.2897915 | Published: 2016-05-30
Citations: 9
Dealerless Corporate Key Generation for Identity-Based Encryption Schemes
Z. Liu, D. Wong, Jack Poon
In an Identity-Based Encryption (IBE) system, the Private Key Generator (PKG) holds the master secret key and is responsible for generating private keys for the users. This incurs the key-escrow problem, i.e. the PKG can decrypt any user's ciphertexts without any possibility of detection. Also, compromising the master secret key will enable an adversary to do anything to the whole system, and having the master secret key be unavailable implies that new users cannot obtain private keys from the PKG, and existing users cannot get their private keys back from the PKG when they have lost them. To address the key-escrow problem and protect the master secret key as much as possible with strong security and availability, distributed PKG protocols supporting a threshold policy have been adopted in some IBE schemes. In this paper, we propose a distributed PKG protocol that supports the policy being any monotonic access structure. Also, we propose the first distributed PKG protocol that supports dynamic changes of the PKGs and the policy while keeping the master secret key unchanged. The two protocols do not need any third party acting as a trusted dealer to be present, and the master secret key is never generated at, or resides in, any one single site. The protocols are applicable to a generic IBE template, which covers many existing important IBE schemes. When applied to this generic type of IBE scheme, the two distributed PKG protocols do not affect the encryption and decryption algorithms, and only each user knows his own private key.
DOI: https://doi.org/10.1145/2897845.2897849 | Published: 2016-05-30
Citations: 0
Attestation Transparency: Building secure Internet services for legacy clients
J. Beekman, John Manferdelli, D. Wagner
Internet services can provide a wealth of functionality, yet their usage raises privacy, security and integrity concerns for users. This is caused by a lack of guarantees about what is happening on the server side. As a worst case scenario, the service might be subjected to an insider attack. We use remote attestation of the server to obtain guarantees about the programming of the service. On top of that, we augment Certificate Transparency to distribute information about which services exist and what they do. Combined, this creates a platform that allows legacy clients to obtain security guarantees about Internet services.
DOI: https://doi.org/10.1145/2897845.2897895 | Published: 2016-05-30
Citations: 17
Bilateral-secure Signature by Key Evolving
Tao Xiang, Xiaoguo Li, Fei Chen, Y. Mu
In practice, the greatest threat against the security of a digital signature scheme is the exposure of the signing key, since the forward security of past signatures and the backward security of future signatures could be compromised. There are some attempts in the literature addressing forward-secure signatures for preventing forgeries of signatures in past time periods; however, few studies have addressed the backward security of signatures, which prevents forgeries in future time periods. In this paper, we introduce the concept of key-evolving signatures with bilateral security, i.e., both forward security and backward security. We first define bilateral security formally as preventing adversaries from forging a valid signature for past and future time periods in the case of key exposure. We then provide a novel construction based on a hub-and-spoke updating structure and the random oracle model, and show that the construction achieves bilateral security and an unbounded number of time periods. Finally, we compare our scheme with existing work by rigorous analysis and experimental evaluation, and demonstrate that our construction is more secure and efficient for practical applications.
DOI: https://doi.org/10.1145/2897845.2897864 | Published: 2016-05-30
Citations: 1
Homomorphic Linear Authentication Schemes from (ε)-Authentication Codes
Shuai Han, Shengli Liu, Fangguo Zhang, Kefei Chen
Proofs of Data Possession/Retrievability (PoDP/PoR) schemes are essential to cloud storage services, since they can increase clients' confidence in the integrity and availability of their data. The majority of PoDP/PoR schemes are constructed from homomorphic linear authentication (HLA) schemes, which decrease the cost of communication between the client and the server. In this paper, a new subclass of authentication codes, named ε-authentication codes, is proposed, and a modular construction of HLA schemes from ε-authentication codes is presented. We prove that the security notions of HLA schemes are closely related to the size of the authenticator/tag space and the success probability of impersonation attacks (with non-zero source states) against the underlying ε-authentication codes. We show that most of the HLA schemes used in PoDP/PoR schemes are instantiations of our modular construction from some ε-authentication code. Following this line, an algebraic-curves-based ε-authentication code yields a new HLA scheme.
DOI: https://doi.org/10.1145/2897845.2897859 | Published: 2016-05-30
Citations: 1
StemJail: Dynamic Role Compartmentalization
Mickaël Salaün, M. Daubignard, Hervé Debar
While users tend to indiscriminately use the same device to address every need, exfiltration of information becomes the end game of attackers. Average users need realistic and practical solutions to enable them to mitigate the consequences of a security breach in terms of data leakage. We present StemJail, an open-source security solution to isolate groups of processes pertaining to the same activity into an environment exposing only the relevant subset of user data. At the heart of our solution lies dynamic activity discovery, allowing seamless integration of StemJail into the user workflow. Our userland access control framework only relies on the ability of the user to organize data in directories. Thus, it is easily configurable and requires very little user interaction once set up. Moreover, StemJail is designed to run without intrusive changes to the system and to be configured and used by any unprivileged user thanks to Linux user namespaces.
Citations: 1
Friend or Foe?: Your Wearable Devices Reveal Your Personal PIN
Chen Wang, Xiaonan Guo, Yan Wang, Yingying Chen, Bo Liu
The proliferation of wearable devices, e.g., smartwatches and activity trackers, with embedded sensors has already shown its great potential in monitoring and inferring human daily activities. This paper reveals a serious security breach of wearable devices in the context of divulging secret information (i.e., key entries) while people access key-based security systems. Existing methods of obtaining such secret information rely on installations of dedicated hardware (e.g., a video camera or fake keypad), or on training with labeled data from body sensors, which restricts use cases in practical adversary scenarios. In this work, we show that a wearable device can be exploited to discriminate mm-level distances and directions of the user's fine-grained hand movements, which enables attackers to reproduce the trajectories of the user's hand and further to recover the secret key entries. In particular, our system confirms the possibility of using embedded sensors in wearable devices, i.e., accelerometers, gyroscopes, and magnetometers, to derive the moving distance of the user's hand between consecutive key entries regardless of the pose of the hand. Our Backward PIN-Sequence Inference algorithm exploits the inherent physical constraints between key entries to infer the complete user key entry sequence. Extensive experiments are conducted with over 5000 key entry traces collected from 20 adults for key-based security systems (i.e., ATM keypads and regular keyboards) through testing on different kinds of wearables. Results demonstrate that such a technique can achieve 80% accuracy with only one try and more than 90% accuracy with three tries, which to our knowledge, is the first technique that reveals personal PINs leveraging wearable devices without the need for labeled training data and contextual information.
Citations: 129
Journal
Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security
Copyright © 2023 Book学术 All rights reserved.