Pub Date : 2017-08-01DOI: 10.1109/Trustcom/BigDataSE/ICESS.2017.292
Dennis Titze, Michael Lux, J. Schütte
Android apps often include libraries supporting certain features, or allowing rapid app development. Due to Android's system design, libraries are not easily distinguishable from the app's core code. But detecting libraries in apps is needed especially in app analysis, e.g., to determine if functionality is executed in the app, or in the code of the library.Previous approaches detected libraries in ways which are susceptible to code obfuscation. For some approaches, even simple obfuscation will cause unrecognised libraries.Our approach - Ordol - builds upon approaches from plagiarism detection to detect a specific library version inside an app in an obfuscation-resilient manner. We show that Ordol can cope well with obfuscated code and can be easily applied to real life apps.
{"title":"Ordol: Obfuscation-Resilient Detection of Libraries in Android Applications","authors":"Dennis Titze, Michael Lux, J. Schütte","doi":"10.1109/Trustcom/BigDataSE/ICESS.2017.292","DOIUrl":"https://doi.org/10.1109/Trustcom/BigDataSE/ICESS.2017.292","url":null,"abstract":"Android apps often include libraries supporting certain features, or allowing rapid app development. Due to Android's system design, libraries are not easily distinguishable from the app's core code. But detecting libraries in apps is needed especially in app analysis, e.g., to determine if functionality is executed in the app, or in the code of the library.Previous approaches detected libraries in ways which are susceptible to code obfuscation. For some approaches, even simple obfuscation will cause unrecognised libraries.Our approach - Ordol - builds upon approaches from plagiarism detection to detect a specific library version inside an app in an obfuscation-resilient manner. We show that Ordol can cope well with obfuscated code and can be easily applied to real life apps.","PeriodicalId":170253,"journal":{"name":"2017 IEEE Trustcom/BigDataSE/ICESS","volume":"31 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132152599","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2017-08-01DOI: 10.1109/Trustcom/BigDataSE/ICESS.2017.333
Patricia Miquilini, R. G. Rossi, M. G. Quiles, V. V. D. Melo, M. Basgalupp
Automatic data classification is often performed by supervised learning algorithms, producing a model to classify new instances. Reflecting that labeled instances are expensive, semisupervised learning (SSL) methods prove to be an alternative to performing data classification, once the learning demands only a few labeled instances. There are many SSL algorithms, and graph-based ones have significant features. In particular, graph-based models grant to identify classes of different distributions without prior knowledge of statistical model parameters. However, a drawback that might influence their classification performance relays on the construction of the graph, which requires the measurement of distances (or similarities) between instances. Since a particular distance function can enhance the performance for some data sets and decrease to others, here, we introduce a novel approach, called GEAD, a Grammatical Evolution for Automatically designing Distance functions for Graph-based semi-supervised learning. We perform extensive experiments with 100 public data sets to assess the performance of our approach, and we compare it with traditional distance functions in the literature. Results show that GEAD is capable of designing distance functions that significantly outperform the baseline manually-designed ones regarding different predictive measures, such as Micro-F1, and Macro-F1.
{"title":"Automatically Design Distance Functions for Graph-Based Semi-Supervised Learning","authors":"Patricia Miquilini, R. G. Rossi, M. G. Quiles, V. V. D. Melo, M. Basgalupp","doi":"10.1109/Trustcom/BigDataSE/ICESS.2017.333","DOIUrl":"https://doi.org/10.1109/Trustcom/BigDataSE/ICESS.2017.333","url":null,"abstract":"Automatic data classification is often performed by supervised learning algorithms, producing a model to classify new instances. Reflecting that labeled instances are expensive, semisupervised learning (SSL) methods prove to be an alternative to performing data classification, once the learning demands only a few labeled instances. There are many SSL algorithms, and graph-based ones have significant features. In particular, graph-based models grant to identify classes of different distributions without prior knowledge of statistical model parameters. However, a drawback that might influence their classification performance relays on the construction of the graph, which requires the measurement of distances (or similarities) between instances. Since a particular distance function can enhance the performance for some data sets and decrease to others, here, we introduce a novel approach, called GEAD, a Grammatical Evolution for Automatically designing Distance functions for Graph-based semi-supervised learning. We perform extensive experiments with 100 public data sets to assess the performance of our approach, and we compare it with traditional distance functions in the literature. Results show that GEAD is capable of designing distance functions that significantly outperform the baseline manually-designed ones regarding different predictive measures, such as Micro-F1, and Macro-F1.","PeriodicalId":170253,"journal":{"name":"2017 IEEE Trustcom/BigDataSE/ICESS","volume":"53 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121558839","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Secure interoperation is an important technology to protect shared data in multi-domain environments. IRBAC (Interoperable Role-based Access Control) 2000 model has been proposed to achieve security interoperation between two or more RBAC administrative domains. Static Separation of Duties (SSoD) is an important security policy in RBAC, but it has not been enforced in the IRBAC 2000 model. As a result, some previous works have studied the problem of SMER (Statically Mutually Exclusive Roles) constraints violation between two RBAC domains in the IRBAC 2000 model. However all of them do not enforce how to preserve privacy of RBAC policies, such as roles, roles hierarchies and user-role assignment while detecting SMER constraints violation, if the two interoperable domains do not want to disclose them each other and to others. In order to enforce privacy-preserving detection of SMER constraints violation, we first introduce a solution without privacy-preserving mechanism using matrix product. Then a privacy-preserving solution is proposed to securely detect SMER constraints violation without disclosing any RBAC policy based on a secure three-party protocol to matrix product computation. By efficiency analysis and experimental results comparison, the secure three-party computation protocol to matrix product based on the Paillier cryptosystem is more efficient and practical.
{"title":"Privacy-Preserving Detection of Statically Mutually Exclusive Roles Constraints Violation in Interoperable Role-Based Access Control","authors":"Meng Liu, Xuyun Zhang, Chi Yang, Shaoning Pang, Deepak Puthal, Kaijun Ren","doi":"10.1109/Trustcom/BigDataSE/ICESS.2017.277","DOIUrl":"https://doi.org/10.1109/Trustcom/BigDataSE/ICESS.2017.277","url":null,"abstract":"Secure interoperation is an important technology to protect shared data in multi-domain environments. IRBAC (Interoperable Role-based Access Control) 2000 model has been proposed to achieve security interoperation between two or more RBAC administrative domains. Static Separation of Duties (SSoD) is an important security policy in RBAC, but it has not been enforced in the IRBAC 2000 model. As a result, some previous works have studied the problem of SMER (Statically Mutually Exclusive Roles) constraints violation between two RBAC domains in the IRBAC 2000 model. However all of them do not enforce how to preserve privacy of RBAC policies, such as roles, roles hierarchies and user-role assignment while detecting SMER constraints violation, if the two interoperable domains do not want to disclose them each other and to others. In order to enforce privacy-preserving detection of SMER constraints violation, we first introduce a solution without privacy-preserving mechanism using matrix product. Then a privacy-preserving solution is proposed to securely detect SMER constraints violation without disclosing any RBAC policy based on a secure three-party protocol to matrix product computation. By efficiency analysis and experimental results comparison, the secure three-party computation protocol to matrix product based on the Paillier cryptosystem is more efficient and practical.","PeriodicalId":170253,"journal":{"name":"2017 IEEE Trustcom/BigDataSE/ICESS","volume":"24 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123126693","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
DNS tunnel is a typical Internet covert channel used by attackers or bots to evade the malicious activities detection. The stolen information is encoded and encapsulated into the DNS packets to transfer. Since DNS traffic is common, most of the firewalls directly allow it to pass and IDS does not trigger an alarm with it. The popular signature-based detection methods and threshold-based methods are not flexible and make high false alarms. The approaches based on characters distribution features also do not perform well, because attackers can modify the encoding method to disturb the characters distributions.In this paper, we propose an effective and applicable DNS tunnel detection mechanism. The prototype system is deployed at the Recursive DNS for tunnel identification. We use four kinds of features including time-interval features, request packet size features, record type features and subdomain entropy features. We evaluate the performance of our proposal with Support Vector Machine, Decision Tree and Logistical Regression. The experiments show that the method can achieve high detection accuracy of 99.96%.
{"title":"Detecting DNS Tunnel through Binary-Classification Based on Behavior Features","authors":"Jingkun Liu, Shuhao Li, Yongzheng Zhang, Jun Xiao, Peng Chang, Chengwei Peng","doi":"10.1109/Trustcom/BigDataSE/ICESS.2017.256","DOIUrl":"https://doi.org/10.1109/Trustcom/BigDataSE/ICESS.2017.256","url":null,"abstract":"DNS tunnel is a typical Internet covert channel used by attackers or bots to evade the malicious activities detection. The stolen information is encoded and encapsulated into the DNS packets to transfer. Since DNS traffic is common, most of the firewalls directly allow it to pass and IDS does not trigger an alarm with it. The popular signature-based detection methods and threshold-based methods are not flexible and make high false alarms. The approaches based on characters distribution features also do not perform well, because attackers can modify the encoding method to disturb the characters distributions.In this paper, we propose an effective and applicable DNS tunnel detection mechanism. The prototype system is deployed at the Recursive DNS for tunnel identification. We use four kinds of features including time-interval features, request packet size features, record type features and subdomain entropy features. We evaluate the performance of our proposal with Support Vector Machine, Decision Tree and Logistical Regression. The experiments show that the method can achieve high detection accuracy of 99.96%.","PeriodicalId":170253,"journal":{"name":"2017 IEEE Trustcom/BigDataSE/ICESS","volume":"14 3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123675391","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2017-08-01DOI: 10.1109/Trustcom/BigDataSE/ICESS.2017.230
Li Li, Tegawendé F. Bissyandé, Jacques Klein
App updates and repackaging are recurrent in the Android ecosystem, filling markets with similar apps that must be identified and analysed to accelerate user adoption, improve development efforts, and prevent malware spreading. Despite the existence of several approaches to improve the scalability of detecting repackaged/cloned apps, researchers and practitioners are eventually faced with the need for a comprehensive pairwise comparison to understand and validate the similarities among apps. This paper describes the design of SimiDroid, a framework for multi-level comparison of Android apps. SimiDroid is built with the aim to support the understanding of similarities/changes among app versions and among repackaged apps. In particular, we demonstrate the need and usefulness of such a framework based on different case studies implementing different analysing scenarios for revealing various insights on how repackaged apps are built. We further show that the similarity comparison plugins implemented in SimiDroid yield more accurate results than the state-of-the-art.
{"title":"SimiDroid: Identifying and Explaining Similarities in Android Apps","authors":"Li Li, Tegawendé F. Bissyandé, Jacques Klein","doi":"10.1109/Trustcom/BigDataSE/ICESS.2017.230","DOIUrl":"https://doi.org/10.1109/Trustcom/BigDataSE/ICESS.2017.230","url":null,"abstract":"App updates and repackaging are recurrent in the Android ecosystem, filling markets with similar apps that must be identified and analysed to accelerate user adoption, improve development efforts, and prevent malware spreading. Despite the existence of several approaches to improve the scalability of detecting repackaged/cloned apps, researchers and practitioners are eventually faced with the need for a comprehensive pairwise comparison to understand and validate the similarities among apps. This paper describes the design of SimiDroid, a framework for multi-level comparison of Android apps. SimiDroid is built with the aim to support the understanding of similarities/changes among app versions and among repackaged apps. In particular, we demonstrate the need and usefulness of such a framework based on different case studies implementing different analysing scenarios for revealing various insights on how repackaged apps are built. We further show that the similarity comparison plugins implemented in SimiDroid yield more accurate results than the state-of-the-art.","PeriodicalId":170253,"journal":{"name":"2017 IEEE Trustcom/BigDataSE/ICESS","volume":"58 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115270876","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2017-08-01DOI: 10.1109/Trustcom/BigDataSE/ICESS.2017.346
Ava Ahadipour, Martin Schanzenbach
In distributed environments, entities are distributed among different security domains and they do not have prior knowledge of one another. In this setting, distributed systems and their security components such as entities, certificates, credentials, policies and trust values are dynamic and constantly changing. Thus, access control models and trust approaches are necessary to support the dynamic and distributed features of such systems and their components. The objective of this paper is to present a comprehensive survey about the security research in distributed systems. We have reviewed the dynamic and distributed nature of the components and evaluation methods of major authorization systems and access control models in existing literature. Based on this overview, we present a survey of selected trust schemes. We provide a categorization for recommendation-based and reputation-based trust models based on trust evaluation. Additionally, we use credential or certificate storage and chain discovery methods for categorizing evidencebased and policy-based trust models. This work can be used as a reference guide to understand authorization and trust management and to further research fully decentralized and distributed authorization systems.
{"title":"A Survey on Authorization in Distributed Systems: Information Storage, Data Retrieval and Trust Evaluation","authors":"Ava Ahadipour, Martin Schanzenbach","doi":"10.1109/Trustcom/BigDataSE/ICESS.2017.346","DOIUrl":"https://doi.org/10.1109/Trustcom/BigDataSE/ICESS.2017.346","url":null,"abstract":"In distributed environments, entities are distributed among different security domains and they do not have prior knowledge of one another. In this setting, distributed systems and their security components such as entities, certificates, credentials, policies and trust values are dynamic and constantly changing. Thus, access control models and trust approaches are necessary to support the dynamic and distributed features of such systems and their components. The objective of this paper is to present a comprehensive survey about the security research in distributed systems. We have reviewed the dynamic and distributed nature of the components and evaluation methods of major authorization systems and access control models in existing literature. Based on this overview, we present a survey of selected trust schemes. We provide a categorization for recommendation-based and reputation-based trust models based on trust evaluation. Additionally, we use credential or certificate storage and chain discovery methods for categorizing evidencebased and policy-based trust models. This work can be used as a reference guide to understand authorization and trust management and to further research fully decentralized and distributed authorization systems.","PeriodicalId":170253,"journal":{"name":"2017 IEEE Trustcom/BigDataSE/ICESS","volume":"6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122412578","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2017-08-01DOI: 10.1109/Trustcom/BigDataSE/ICESS.2017.257
Yuqing Qiu, Qingni Shen, Yang Luo, Cong Li, Zhonghai Wu
Due to sharing physical resource, the co-residency of virtual machine (VM) in cloud is inevitable, which brings many security threats, such as side channel attacks and covert channel threats. Most of previous work focused on detecting and resisting a bewildering variety of co-resident attacks. Generally, improving the VM deployment strategy can also mitigate the security threats of co-resident attacks effectively by reducing the probability of VM co-residency. In this paper, we propose a co-residency-resistant VM deployment strategy and define four thresholds to adjust the strategy for security and load balancing. Moreover, two metrics(VM co-residency probability and user co-residency coverage probability) are introduced to evaluate the deployment strategy. Finally, we implement the strategy and run experiments on both OpenStack and CloudSim. The results show that our strategy can reduce VM co-residency by 50% to 66.7% and user co-residency by 50% to 66% compared with the existing strategies.
{"title":"A Secure Virtual Machine Deployment Strategy to Reduce Co-residency in Cloud","authors":"Yuqing Qiu, Qingni Shen, Yang Luo, Cong Li, Zhonghai Wu","doi":"10.1109/Trustcom/BigDataSE/ICESS.2017.257","DOIUrl":"https://doi.org/10.1109/Trustcom/BigDataSE/ICESS.2017.257","url":null,"abstract":"Due to sharing physical resource, the co-residency of virtual machine (VM) in cloud is inevitable, which brings many security threats, such as side channel attacks and covert channel threats. Most of previous work focused on detecting and resisting a bewildering variety of co-resident attacks. Generally, improving the VM deployment strategy can also mitigate the security threats of co-resident attacks effectively by reducing the probability of VM co-residency. In this paper, we propose a co-residency-resistant VM deployment strategy and define four thresholds to adjust the strategy for security and load balancing. Moreover, two metrics(VM co-residency probability and user co-residency coverage probability) are introduced to evaluate the deployment strategy. Finally, we implement the strategy and run experiments on both OpenStack and CloudSim. The results show that our strategy can reduce VM co-residency by 50% to 66.7% and user co-residency by 50% to 66% compared with the existing strategies.","PeriodicalId":170253,"journal":{"name":"2017 IEEE Trustcom/BigDataSE/ICESS","volume":"71 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125898480","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2017-08-01DOI: 10.1109/Trustcom/BigDataSE/ICESS.2017.282
Manel Mrabet, Yosra Ben Saied, L. Saïdane
Trust management systems provide a means for trustworthy interactions in cloud environments. However, trust establishment could be compromised when malicious cloud users intentionally provide unfair feedbacks to decrease the reputation of some cloud providers or to benefit others. In this paper, we define "Feedback Entropy" as a newmetric to detect unfair rating attacks. As such, we propose a new detection system able to detect unfair rating attacks by monitoring users' feedbacks during short periods of time. Our proposed approach is designed to detect rapidly such attacks at the point in time they appear and to scale effectively with the increase of the number of feedbacks. Experimental results prove the advantages of the introduced metric and the good performance of the proposed detection system.
{"title":"Feedback Entropy: A New Metric to Detect Unfair Rating Attacks for Trust Computing in Cloud Environments","authors":"Manel Mrabet, Yosra Ben Saied, L. Saïdane","doi":"10.1109/Trustcom/BigDataSE/ICESS.2017.282","DOIUrl":"https://doi.org/10.1109/Trustcom/BigDataSE/ICESS.2017.282","url":null,"abstract":"Trust management systems provide a means for trustworthy interactions in cloud environments. However, trust establishment could be compromised when malicious cloud users intentionally provide unfair feedbacks to decrease the reputation of some cloud providers or to benefit others. In this paper, we define \"Feedback Entropy\" as a newmetric to detect unfair rating attacks. As such, we propose a new detection system able to detect unfair rating attacks by monitoring users' feedbacks during short periods of time. Our proposed approach is designed to detect rapidly such attacks at the point in time they appear and to scale effectively with the increase of the number of feedbacks. Experimental results prove the advantages of the introduced metric and the good performance of the proposed detection system.","PeriodicalId":170253,"journal":{"name":"2017 IEEE Trustcom/BigDataSE/ICESS","volume":"8 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126895480","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2017-08-01DOI: 10.1109/Trustcom/BigDataSE/ICESS.2017.358
Fan Jin, V. Varadharajan, U. Tupakula
Cognitive radio (CR) can improve the utilization of the spectrum by making use of licensed spectrum in an opportunistic manner. The sensing reports from all the CR nodes are sent to a Fusion Centre (FC) which aggregates these reports and takes decision about the presence of the PU, based on some decision rules. Such a collaborative sensing mechanism forms the foundation of any centralised CRN. However, this collaborative sensing mechanism provides more opportunities for malicious users (MUs) hiding in the legal users to launch spectrum sensing data falsification (SSDF) attacks. In an SSDF attack, some malicious users intentionally report incorrect local sensing results to the FC and disrupt the global decision-making process. To mitigate SSDF attacks, an Eclat algorithm based detection strategy is proposed in this paper for finding out the colluding malicious nodes. Simulation results show that the sensing performance of the scheme is better than the traditional majority based voting decision in the presence of SSDF attacks.
{"title":"An Eclat Algorithm Based Energy Detection for Cognitive Radio Networks","authors":"Fan Jin, V. Varadharajan, U. Tupakula","doi":"10.1109/Trustcom/BigDataSE/ICESS.2017.358","DOIUrl":"https://doi.org/10.1109/Trustcom/BigDataSE/ICESS.2017.358","url":null,"abstract":"Cognitive radio (CR) can improve the utilization of the spectrum by making use of licensed spectrum in an opportunistic manner. The sensing reports from all the CR nodes are sent to a Fusion Centre (FC) which aggregates these reports and takes decision about the presence of the PU, based on some decision rules. Such a collaborative sensing mechanism forms the foundation of any centralised CRN. However, this collaborative sensing mechanism provides more opportunities for malicious users (MUs) hiding in the legal users to launch spectrum sensing data falsification (SSDF) attacks. In an SSDF attack, some malicious users intentionally report incorrect local sensing results to the FC and disrupt the global decision-making process. To mitigate SSDF attacks, an Eclat algorithm based detection strategy is proposed in this paper for finding out the colluding malicious nodes. Simulation results show that the sensing performance of the scheme is better than the traditional majority based voting decision in the presence of SSDF attacks.","PeriodicalId":170253,"journal":{"name":"2017 IEEE Trustcom/BigDataSE/ICESS","volume":"06 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127373134","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2017-08-01DOI: 10.1109/Trustcom/BigDataSE/ICESS.2017.318
Nathanael R. Weidler, Dane Brown, S. Mitchell, Joel Anderson, J. Williams, Austin Costley, Chase Kunz, Christopher Wilkinson, Remy Wehbe, Ryan M. Gerdes
Microcontrollers are found in many everyday devices and will only become more prevalent as the Internet of Things (IoT) gains momentum. As such, it is increasingly important that they are reasonably secure from known vulnerabilities. If we do not improve the security posture of these devices, then attackers will find ways to exploit vulnerabilities for their own gain. Due to the security protections in modern systems which prevent execution of injected shellcode, Return Oriented Programming (ROP) has emerged as a more reliable way to execute malicious code following such attacks. ROP is a method used to take over the execution of a program by causing the return address of a function to be modified through an exploit vector, then returning to small segments of otherwise innocuous code located in executable memory one after the other to carry out the attacker’s aims. It will be shown that the Tiva TM4C123GH6PM microcontroller, which utilizes a Cortex-M4F processor, can be fully controlled with this technique. Sufficient code is pre-loaded into a ROM on Tiva microcontrollers to erase and rewrite the flash memory where the program resides. Then, that same ROM is searched for a Turing-complete gadget set which would allow for arbitrary execution. This would allow an attacker to re-purpose the microcontroller, altering the original functionality to his own malicious end.
{"title":"Return-Oriented Programming on a Cortex-M Processor","authors":"Nathanael R. Weidler, Dane Brown, S. Mitchell, Joel Anderson, J. Williams, Austin Costley, Chase Kunz, Christopher Wilkinson, Remy Wehbe, Ryan M. Gerdes","doi":"10.1109/Trustcom/BigDataSE/ICESS.2017.318","DOIUrl":"https://doi.org/10.1109/Trustcom/BigDataSE/ICESS.2017.318","url":null,"abstract":"Microcontrollers are found in many everyday devices and will only become more prevalent as the Internet of Things (IoT) gains momentum. As such, it is increasingly important that they are reasonably secure from known vulnerabilities. If we do not improve the security posture of these devices, then attackers will find ways to exploit vulnerabilities for their own gain. Due to the security protections in modern systems which prevent execution of injected shellcode, Return Oriented Programming (ROP) has emerged as a more reliable way to execute malicious code following such attacks. ROP is a method used to take over the execution of a program by causing the return address of a function to be modified through an exploit vector, then returning to small segments of otherwise innocuous code located in executable memory one after the other to carry out the attacker’s aims. It will be shown that the Tiva TM4C123GH6PM microcontroller, which utilizes a Cortex-M4F processor, can be fully controlled with this technique. Sufficient code is pre-loaded into a ROM on Tiva microcontrollers to erase and rewrite the flash memory where the program resides. Then, that same ROM is searched for a Turing-complete gadget set which would allow for arbitrary execution. This would allow an attacker to re-purpose the microcontroller, altering the original functionality to his own malicious end.","PeriodicalId":170253,"journal":{"name":"2017 IEEE Trustcom/BigDataSE/ICESS","volume":"64 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117336899","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: