Pub Date : 2017-06-19DOI: 10.1109/CyberSecPODS.2017.8074849
Vahid Moula, Salman Niksefat
A major security challenge for today's computer software is buffer overflow and other memory-related attacks. To exploit buffer overflow vulnerabilities in presence of the classical defense mechanisms such as write-xor-execute, attackers take advantage of code reuse attacks. The code reuse attacks allow an adversary to perform arbitrary operations on a victim's system by constructing a chain of small code sequences called gadgets that are present in vulnerable program's memory. In order to remedy code reuse attacks, many defense approaches have been proposed, each using a different mechanism for detecting attacks and having its own merits and downsides. In this paper, we analyze and scrutinize one of the most influential Linux-based defense mechanisms called ROPecker. Our analysis shows that ROPecker has weaknesses that may allow an attacker to bypass detection. Then we propose ROPK++ which by adding additional integrity checks, fixes the weaknesses in ROPecker and offers a more effective defensive approach against code reuse attacks in Linux-based systems. We compare the proposed approach with ROPecker in terms of security features and performance overhead and show its superiority and advantages.
{"title":"ROPK++: An enhanced ROP attack detection framework for Linux operating system","authors":"Vahid Moula, Salman Niksefat","doi":"10.1109/CyberSecPODS.2017.8074849","DOIUrl":"https://doi.org/10.1109/CyberSecPODS.2017.8074849","url":null,"abstract":"A major security challenge for today's computer software is buffer overflow and other memory-related attacks. To exploit buffer overflow vulnerabilities in presence of the classical defense mechanisms such as write-xor-execute, attackers take advantage of code reuse attacks. The code reuse attacks allow an adversary to perform arbitrary operations on a victim's system by constructing a chain of small code sequences called gadgets that are present in vulnerable program's memory. In order to remedy code reuse attacks, many defense approaches have been proposed, each using a different mechanism for detecting attacks and having its own merits and downsides. In this paper, we analyze and scrutinize one of the most influential Linux-based defense mechanisms called ROPecker. Our analysis shows that ROPecker has weaknesses that may allow an attacker to bypass detection. Then we propose ROPK++ which by adding additional integrity checks, fixes the weaknesses in ROPecker and offers a more effective defensive approach against code reuse attacks in Linux-based systems. We compare the proposed approach with ROPecker in terms of security features and performance overhead and show its superiority and advantages.","PeriodicalId":203945,"journal":{"name":"2017 International Conference on Cyber Security And Protection Of Digital Services (Cyber Security)","volume":"47 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-06-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124683886","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2017-06-19DOI: 10.1109/CyberSA.2017.8073384
Cyril Onwubiko
There have been longitudinal advances in both cybersecurity and cyber-threats in recent years. With cybersecurity, for instance, there are now mechanisms to geographically locate an entity; there are those that can intercept most forms of electronic communications, and those that can recover most types of hidden images and data in electronic devices. The pace of change and advancements has equally been astronomical and astonishing. Technology refresh cycles have been slashed, and are now estimated to between 12 to 18 months, while the number of cyber users or entities has quadrupled in the last five years. These continuous changes have left an ever increasing gap between cybersecurity, that is, control mechanisms (a.k.a. safeguards) that help protect, detect, respond and recover organisational or national cyber investment, and cyber-threats, that is, threats that aim to exploit, breach or circumvent the cyber controls. This gap between cybersecurity on one hand and cyber-threats on the other hand appears to widen even further in areas with far greater financial rewards for the criminals, or nation state political gains. Exploits are now common and frequent, and impacts far much greater than before. This situation is further exacerbated by the lack of adequate and well deployed security operations centres to monitor organizational cyber investments. In this research cyber security operations centre deployment models are proposed to provide better and enhanced situational awareness in order to detect common and frequent exploits, and also sophisticated and cross-channel exploits.
{"title":"Security operations centre: Situation awareness, threat intelligence and cybercrime","authors":"Cyril Onwubiko","doi":"10.1109/CyberSA.2017.8073384","DOIUrl":"https://doi.org/10.1109/CyberSA.2017.8073384","url":null,"abstract":"There have been longitudinal advances in both cybersecurity and cyber-threats in recent years. With cybersecurity, for instance, there are now mechanisms to geographically locate an entity; there are those that can intercept most forms of electronic communications, and those that can recover most types of hidden images and data in electronic devices. The pace of change and advancements has equally been astronomical and astonishing. Technology refresh cycles have been slashed, and are now estimated to between 12 to 18 months, while the number of cyber users or entities has quadrupled in the last five years. These continuous changes have left an ever increasing gap between cybersecurity, that is, control mechanisms (a.k.a. safeguards) that help protect, detect, respond and recover organisational or national cyber investment, and cyber-threats, that is, threats that aim to exploit, breach or circumvent the cyber controls. This gap between cybersecurity on one hand and cyber-threats on the other hand appears to widen even further in areas with far greater financial rewards for the criminals, or nation state political gains. Exploits are now common and frequent, and impacts far much greater than before. This situation is further exacerbated by the lack of adequate and well deployed security operations centres to monitor organizational cyber investments. In this research cyber security operations centre deployment models are proposed to provide better and enhanced situational awareness in order to detect common and frequent exploits, and also sophisticated and cross-channel exploits.","PeriodicalId":203945,"journal":{"name":"2017 International Conference on Cyber Security And Protection Of Digital Services (Cyber Security)","volume":"12 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-06-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116774151","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2017-06-19DOI: 10.1109/CyberSecPODS.2017.8074857
Michelle Omoogun, Preetila Seeam, V. Ramsurrun, X. Bellekens, A. Seeam
eHealth mobile technologies are becoming increasingly prevalent in both the personal and medical world, assisting healthcare professionals to monitor the progress and current condition of patients. These devices often gather, transmit and analyse personal data. Healthcare data has rigid requirements for security, confidentiality, and availability, whilst access traceability and control, and long-term preservation are also highly desirable, particularly when exposed to cloud computing environments. This article explores some of the security and privacy challenges eHealth devices currently face. Legislative implications of data breaches are considered, as well as service provider accountability. The work also provides numerous security and privacy recommendations, in order to improve future implementations.
{"title":"When eHealth meets the internet of things: Pervasive security and privacy challenges","authors":"Michelle Omoogun, Preetila Seeam, V. Ramsurrun, X. Bellekens, A. Seeam","doi":"10.1109/CyberSecPODS.2017.8074857","DOIUrl":"https://doi.org/10.1109/CyberSecPODS.2017.8074857","url":null,"abstract":"eHealth mobile technologies are becoming increasingly prevalent in both the personal and medical world, assisting healthcare professionals to monitor the progress and current condition of patients. These devices often gather, transmit and analyse personal data. Healthcare data has rigid requirements for security, confidentiality, and availability, whilst access traceability and control, and long-term preservation are also highly desirable, particularly when exposed to cloud computing environments. This article explores some of the security and privacy challenges eHealth devices currently face. Legislative implications of data breaches are considered, as well as service provider accountability. The work also provides numerous security and privacy recommendations, in order to improve future implementations.","PeriodicalId":203945,"journal":{"name":"2017 International Conference on Cyber Security And Protection Of Digital Services (Cyber Security)","volume":"58 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-06-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126547976","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2017-06-01DOI: 10.1109/CyberSecPODS.2017.8074854
Yassine Lemmou, E. M. Souidi
During the year 2016, ransomware continued to spread panic throughout the world. Kaspersky reported that, between January and September 2016, the rate of ransomware attacks on companies tripled from one every two minutes to one every 40 seconds with more than 62 new families of ransomware emerging. We have encountered Cerber, Locky, PrincessLocker and others. In this work, we present an analysis of PrincessLocker, a form of ransomware that first appeared some time ago and presents victims with the same ransom demand site template as Cerber did. We explain the malware analysis steps we used to characterise the PrincessLocker infection process. We also discuss self-reproduction and over-infection, two major concepts in computer virology theory. Furthermore we compare our own PrincessLocker analysis with the related work of Nolen Scaife et al. on detection of the non-malicious tool CryptoLock (not to be confused with the ransomware CryptoLocker) using behavioral analysis of information exchanges between the software under investigation and the file systems which are being encrypted.
{"title":"PrincessLocker analysis","authors":"Yassine Lemmou, E. M. Souidi","doi":"10.1109/CyberSecPODS.2017.8074854","DOIUrl":"https://doi.org/10.1109/CyberSecPODS.2017.8074854","url":null,"abstract":"During the year 2016, ransomware continued to spread panic throughout the world. Kaspersky reported that, between January and September 2016, the rate of ransomware attacks on companies tripled from one every two minutes to one every 40 seconds with more than 62 new families of ransomware emerging. We have encountered Cerber, Locky, PrincessLocker and others. In this work, we present an analysis of PrincessLocker, a form of ransomware that first appeared some time ago and presents victims with the same ransom demand site template as Cerber did. We explain the malware analysis steps we used to characterise the PrincessLocker infection process. We also discuss self-reproduction and over-infection, two major concepts in computer virology theory. Furthermore we compare our own PrincessLocker analysis with the related work of Nolen Scaife et al. on detection of the non-malicious tool CryptoLock (not to be confused with the ransomware CryptoLocker) using behavioral analysis of information exchanges between the software under investigation and the file systems which are being encrypted.","PeriodicalId":203945,"journal":{"name":"2017 International Conference on Cyber Security And Protection Of Digital Services (Cyber Security)","volume":"77 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122807260","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2017-06-01DOI: 10.1109/CyberSecPODS.2017.8074847
T. Bhatia, Rishabh Kaushal
Android is the most preferable target for malware attacks due to its increased popularity amongst other operating systems for Smartphone devices. Owing to its open architecture and large user base, it provides the developers with an open access to its code base and a large surface area to launch their malicious activities. This paper presents an approach to perform dynamic analysis of android applications to classify the applications as malicious or non malicious. To this end we have developed a syscall-capture system which collects and extracts the system call traces of all the applications during their run-time interactions with the phone platform. Subsequently all the collected system call data is aggregated and analysed to detect and classify the behaviour of Android applications. We have used our system to analyse the behaviour of 50 malicious applications obtained from the Android Malware Genome Project and 50 benign applications obtained from the Google Play Store. With the aim to classify the behaviour of these applications, we have considered the frequency of system calls made by each application as the prime feature set. To this effect we have achieved an acceptable levels of accuracy in correctly classifying the application as malicious or benign using the J48 Decision Tree algorithm and the Random Forest algorithm.
{"title":"Malware detection in android based on dynamic analysis","authors":"T. Bhatia, Rishabh Kaushal","doi":"10.1109/CyberSecPODS.2017.8074847","DOIUrl":"https://doi.org/10.1109/CyberSecPODS.2017.8074847","url":null,"abstract":"Android is the most preferable target for malware attacks due to its increased popularity amongst other operating systems for Smartphone devices. Owing to its open architecture and large user base, it provides the developers with an open access to its code base and a large surface area to launch their malicious activities. This paper presents an approach to perform dynamic analysis of android applications to classify the applications as malicious or non malicious. To this end we have developed a syscall-capture system which collects and extracts the system call traces of all the applications during their run-time interactions with the phone platform. Subsequently all the collected system call data is aggregated and analysed to detect and classify the behaviour of Android applications. We have used our system to analyse the behaviour of 50 malicious applications obtained from the Android Malware Genome Project and 50 benign applications obtained from the Google Play Store. With the aim to classify the behaviour of these applications, we have considered the frequency of system calls made by each application as the prime feature set. To this effect we have achieved an acceptable levels of accuracy in correctly classifying the application as malicious or benign using the J48 Decision Tree algorithm and the Random Forest algorithm.","PeriodicalId":203945,"journal":{"name":"2017 International Conference on Cyber Security And Protection Of Digital Services (Cyber Security)","volume":"42 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134123990","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2017-06-01DOI: 10.1109/CyberSecPODS.2017.8074848
Y. Zeng
Malicious emails pose substantial threats to businesses. Whether it is a malware attachment or a URL leading to malware, exploitation or phishing, attackers have been employing emails as an effective way to gain a foothold inside organizations of all kinds. To combat email threats, especially targeted attacks, traditional signature- and rule-based email filtering as well as advanced sandboxing technology both have their own weaknesses. In this paper, we propose a predictive analysis approach that learns the differences between legit and malicious emails through static analysis, creates a machine learning model and makes detection and prediction on unseen emails effectively and efficiently. By comparing three different machine learning algorithms, our preliminary evaluation reveals that a Random Forests model performs the best.
{"title":"Identifying email threats using predictive analysis","authors":"Y. Zeng","doi":"10.1109/CyberSecPODS.2017.8074848","DOIUrl":"https://doi.org/10.1109/CyberSecPODS.2017.8074848","url":null,"abstract":"Malicious emails pose substantial threats to businesses. Whether it is a malware attachment or a URL leading to malware, exploitation or phishing, attackers have been employing emails as an effective way to gain a foothold inside organizations of all kinds. To combat email threats, especially targeted attacks, traditional signature- and rule-based email filtering as well as advanced sandboxing technology both have their own weaknesses. In this paper, we propose a predictive analysis approach that learns the differences between legit and malicious emails through static analysis, creates a machine learning model and makes detection and prediction on unseen emails effectively and efficiently. By comparing three different machine learning algorithms, our preliminary evaluation reveals that a Random Forests model performs the best.","PeriodicalId":203945,"journal":{"name":"2017 International Conference on Cyber Security And Protection Of Digital Services (Cyber Security)","volume":"440 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131675643","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2017-06-01DOI: 10.1109/CyberSecPODS.2017.8074858
Amala V. Rajan, Rejitha Ravikumar, Mariam Al Shaer
While the internet has had a profound effect on all aspects of modern living, its use does make businesses and individuals vulnerable to being targeted by cybercriminals. Cybercrime rates have been found to increase year-on-year, and the consequences include financial and reputational damage, loss of privacy and breaches of intellectual property. The United Arab Emirates (UAE) has become a major target for cybercriminals due to its high levels of economic activity and tourism, significant uptake of technology, and the rise of the oil and gas industry. The UAE Government has introduced changes to its single cybercrime law, but there are concerns that it is not suitably comprehensive to provide adequate protections of UAE citizens and residents. This article reviews the protections provided by the law through interview results, and comparisons to other, similar laws internationally. It then offers recommendations on how the law can be improved, to make people feel safer in their usage of the internet and internet-connected technologies.
{"title":"UAE cybercrime law and cybercrimes — An analysis","authors":"Amala V. Rajan, Rejitha Ravikumar, Mariam Al Shaer","doi":"10.1109/CyberSecPODS.2017.8074858","DOIUrl":"https://doi.org/10.1109/CyberSecPODS.2017.8074858","url":null,"abstract":"While the internet has had a profound effect on all aspects of modern living, its use does make businesses and individuals vulnerable to being targeted by cybercriminals. Cybercrime rates have been found to increase year-on-year, and the consequences include financial and reputational damage, loss of privacy and breaches of intellectual property. The United Arab Emirates (UAE) has become a major target for cybercriminals due to its high levels of economic activity and tourism, significant uptake of technology, and the rise of the oil and gas industry. The UAE Government has introduced changes to its single cybercrime law, but there are concerns that it is not suitably comprehensive to provide adequate protections of UAE citizens and residents. This article reviews the protections provided by the law through interview results, and comparisons to other, similar laws internationally. It then offers recommendations on how the law can be improved, to make people feel safer in their usage of the internet and internet-connected technologies.","PeriodicalId":203945,"journal":{"name":"2017 International Conference on Cyber Security And Protection Of Digital Services (Cyber Security)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126551927","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2017-06-01DOI: 10.1109/CyberSecPODS.2017.8074856
Louai A. Maghrabi, E. Pfluegel, Luluwah Al-Fagih, Roman Graf, Giuseppe Settanni, Florian Skopik
Software vulnerability patching is a crucial part of vulnerability management and is informed by using effective vulnerability scoring techniques. The Common Vulnerability Scoring System (CVSS) provides an open framework for assessing the severity of software vulnerabilities based on metrics capturing their individual, intrinsic characteristics. In this paper, we enhance the use of CVSS for vulnerability scoring with the help of game theory by modelling an attacker-defender scenario and arguing that, under the assumption of rational behaviour of the players, an effective vulnerability patching strategy could be achieved with an optimal strategy, solving the game. We have implemented our strategies as new functionality in the software tool CAESAIR [1]. This research builds on our previous work [2], where we have used CVSS to inform the design of the utility functions, by performing the Nash equilibrium analysis of the game. Our findings may result in more accurate defence strategies for system administrators.
{"title":"Improved software vulnerability patching techniques using CVSS and game theory","authors":"Louai A. Maghrabi, E. Pfluegel, Luluwah Al-Fagih, Roman Graf, Giuseppe Settanni, Florian Skopik","doi":"10.1109/CyberSecPODS.2017.8074856","DOIUrl":"https://doi.org/10.1109/CyberSecPODS.2017.8074856","url":null,"abstract":"Software vulnerability patching is a crucial part of vulnerability management and is informed by using effective vulnerability scoring techniques. The Common Vulnerability Scoring System (CVSS) provides an open framework for assessing the severity of software vulnerabilities based on metrics capturing their individual, intrinsic characteristics. In this paper, we enhance the use of CVSS for vulnerability scoring with the help of game theory by modelling an attacker-defender scenario and arguing that, under the assumption of rational behaviour of the players, an effective vulnerability patching strategy could be achieved with an optimal strategy, solving the game. We have implemented our strategies as new functionality in the software tool CAESAIR [1]. This research builds on our previous work [2], where we have used CVSS to inform the design of the utility functions, by performing the Nash equilibrium analysis of the game. Our findings may result in more accurate defence strategies for system administrators.","PeriodicalId":203945,"journal":{"name":"2017 International Conference on Cyber Security And Protection Of Digital Services (Cyber Security)","volume":"2 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124175689","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2017-06-01DOI: 10.1109/CyberSecPODS.2017.8074853
Clement Guitton
The article attempts to analyse at a conceptual and practical level whether it is possible to foresee and foil cyber attacks. It argues that cyber threat intelligence is a sensitive and novel approach to doing so in that it departs from the traditional more reactive options used until now. The article posits that threat intelligence falls between strategic and practical approaches, between deterrence and technical solutions. Furthermore, the article suggests that cyber threat intelligence faces difficulties that differ from those traditionally dealt with by intelligence services. Its greatest challenge lies in the collection of precise and actionable intelligence. By contrast, the evaluation and dissemination phases of the intelligence cycle usually account for security apparatuses failing to foil upcoming plots.
{"title":"Foiling cyber attacks","authors":"Clement Guitton","doi":"10.1109/CyberSecPODS.2017.8074853","DOIUrl":"https://doi.org/10.1109/CyberSecPODS.2017.8074853","url":null,"abstract":"The article attempts to analyse at a conceptual and practical level whether it is possible to foresee and foil cyber attacks. It argues that cyber threat intelligence is a sensitive and novel approach to doing so in that it departs from the traditional more reactive options used until now. The article posits that threat intelligence falls between strategic and practical approaches, between deterrence and technical solutions. Furthermore, the article suggests that cyber threat intelligence faces difficulties that differ from those traditionally dealt with by intelligence services. Its greatest challenge lies in the collection of precise and actionable intelligence. By contrast, the evaluation and dissemination phases of the intelligence cycle usually account for security apparatuses failing to foil upcoming plots.","PeriodicalId":203945,"journal":{"name":"2017 International Conference on Cyber Security And Protection Of Digital Services (Cyber Security)","volume":"18 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115894439","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2017-06-01DOI: 10.1109/CyberSecPODS.2017.8074850
Tianhui Meng, Zhihao Shang, K. Wolter
Bring Your Own Device (BYOD) security is a concern for many companies' IT departments. Many corporations implement a “secure container” solution that provides full separation of work and personal data on mobile devices to mitigate the dangers brought by BYOD. In this paper, we perform an empirical comparison between two popular secure containers for Android: Samsung Knox and IBM MaaS360. We first conduct benchmark tests to compare these two containers. Then in order to quantitatively assess the security property of these containers, we propose a measurement method based on a simulating attack. Our experimental results show that performance of compute-intensive applications in the Knox container will be affected drastically compared with when they are running on the device (outside the container), while for memory-intensive applications, performance will not deteriorate much in Knox and MaaS360 containers. We also found that with an overhead of 3.3 ms (0.58%) in mean response time, Knox container can extend the mean time to security failure (MTTSF) by 109.6 min (878%). Within the MaaS360 container, the MTTSF is prolonged by 10.2 min (81.4%) but the response time is 3.3 ms (0.58%) longer per job than without containers.
{"title":"An empirical performance and security evaluation of android container solutions","authors":"Tianhui Meng, Zhihao Shang, K. Wolter","doi":"10.1109/CyberSecPODS.2017.8074850","DOIUrl":"https://doi.org/10.1109/CyberSecPODS.2017.8074850","url":null,"abstract":"Bring Your Own Device (BYOD) security is a concern for many companies' IT departments. Many corporations implement a “secure container” solution that provides full separation of work and personal data on mobile devices to mitigate the dangers brought by BYOD. In this paper, we perform an empirical comparison between two popular secure containers for Android: Samsung Knox and IBM MaaS360. We first conduct benchmark tests to compare these two containers. Then in order to quantitatively assess the security property of these containers, we propose a measurement method based on a simulating attack. Our experimental results show that performance of compute-intensive applications in the Knox container will be affected drastically compared with when they are running on the device (outside the container), while for memory-intensive applications, performance will not deteriorate much in Knox and MaaS360 containers. We also found that with an overhead of 3.3 ms (0.58%) in mean response time, Knox container can extend the mean time to security failure (MTTSF) by 109.6 min (878%). Within the MaaS360 container, the MTTSF is prolonged by 10.2 min (81.4%) but the response time is 3.3 ms (0.58%) longer per job than without containers.","PeriodicalId":203945,"journal":{"name":"2017 International Conference on Cyber Security And Protection Of Digital Services (Cyber Security)","volume":"61 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134631280","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: