Pub Date: 2018-09-03 DOI: 10.1007/978-3-319-97916-8_20
Chen Qian, Mehdi Tibouchi, R. Géraud
{"title":"Universal Witness Signatures","authors":"Chen Qian, Mehdi Tibouchi, R. Géraud","doi":"10.1007/978-3-319-97916-8_20","DOIUrl":"https://doi.org/10.1007/978-3-319-97916-8_20","url":null,"abstract":"","PeriodicalId":20513,"journal":{"name":"Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization","volume":"39 1","pages":"313-329"},"PeriodicalIF":0.0,"publicationDate":"2018-09-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"75715556","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Detecting Privacy Information Abuse by Android Apps from API Call Logs","authors":"Katsutaka Ito, Hirokazu Hasegawa, Yukiko Yamaguchi, Hajime Shimada","doi":"10.1007/978-3-319-97916-8_10","DOIUrl":"https://doi.org/10.1007/978-3-319-97916-8_10","url":null,"abstract":"","PeriodicalId":20513,"journal":{"name":"Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization","volume":"16 1","pages":"143-157"},"PeriodicalIF":0.0,"publicationDate":"2018-09-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"78789902","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date: 2018-09-03 DOI: 10.1007/978-3-319-97916-8_16
Jingchun Yang, Meicheng Liu, D. Lin, Wenhao Wang
{"title":"Symbolic-Like Computation and Conditional Differential Cryptanalysis of QUARK","authors":"Jingchun Yang, Meicheng Liu, D. Lin, Wenhao Wang","doi":"10.1007/978-3-319-97916-8_16","DOIUrl":"https://doi.org/10.1007/978-3-319-97916-8_16","url":null,"abstract":"","PeriodicalId":20513,"journal":{"name":"Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization","volume":"8 1","pages":"244-261"},"PeriodicalIF":0.0,"publicationDate":"2018-09-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"81666815","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date: 2018-09-03 DOI: 10.1007/978-3-319-97916-8_6
Weiyao Wang, Yuntao Wang, Atsushi Takayasu, T. Takagi
{"title":"Estimated Cost for Solving Generalized Learning with Errors Problem via Embedding Techniques","authors":"Weiyao Wang, Yuntao Wang, Atsushi Takayasu, T. Takagi","doi":"10.1007/978-3-319-97916-8_6","DOIUrl":"https://doi.org/10.1007/978-3-319-97916-8_6","url":null,"abstract":"","PeriodicalId":20513,"journal":{"name":"Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization","volume":"49 1","pages":"87-103"},"PeriodicalIF":0.0,"publicationDate":"2018-09-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"80956442","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date: 2018-09-03 DOI: 10.1007/978-3-319-97916-8_7
Akinaga Ueda, Hayato Tada, K. Kurosawa
{"title":"(Short Paper) How to Solve DLOG Problem with Auxiliary Input","authors":"Akinaga Ueda, Hayato Tada, K. Kurosawa","doi":"10.1007/978-3-319-97916-8_7","DOIUrl":"https://doi.org/10.1007/978-3-319-97916-8_7","url":null,"abstract":"","PeriodicalId":20513,"journal":{"name":"Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization","volume":"15 1","pages":"104-113"},"PeriodicalIF":0.0,"publicationDate":"2018-09-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"89624353","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
V. Dixit, Sukwha Kyung, Ziming Zhao, Adam Doupé, Yan Shoshitaishvili, Gail-Joon Ahn
Software-Defined Network (SDN) is a novel architecture created to address the issues of traditional and vertically integrated networks. To increase cost-effectiveness and enable logical control, SDN provides high programmability and a centralized view of the network through separation of network traffic delivery (the "data plane") from network configuration (the "control plane"). SDN controllers and related protocols are rapidly evolving to address the demands for scaling in complex enterprise networks. Because of the evolution of modern SDN technologies, production networks employing SDN are prone to several security vulnerabilities. The rate at which SDN frameworks are evolving continues to overtake attempts to address their security issues. According to our study, existing defense mechanisms, particularly SDN-based firewalls, face new and SDN-specific challenges in successfully enforcing security policies in the underlying network. In this paper, we identify problems associated with SDN-based firewalls, such as ambiguous flow path calculations and poor scalability in large networks. We survey existing SDN-based firewall designs and their shortcomings in protecting a dynamically scaling network like a data center. We extend our study by evaluating one such SDN-specific security solution called FlowGuard, and identifying new attack vectors and vulnerabilities. We also present corresponding threat detection techniques and respective mitigation strategies.
{"title":"Challenges and Preparedness of SDN-based Firewalls","authors":"V. Dixit, Sukwha Kyung, Ziming Zhao, Adam Doupé, Yan Shoshitaishvili, Gail-Joon Ahn","doi":"10.1145/3180465.3180468","DOIUrl":"https://doi.org/10.1145/3180465.3180468","url":null,"abstract":"","PeriodicalId":20513,"journal":{"name":"Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization","volume":"1 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2018-03-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"81412242","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Kuang-Ching Wang, R. Brooks, C. Barrineau, Jon Oakley, Lu Yu, Qing Wang
With software defined networking and network function virtualization technologies, networks can be programmed to have customized processing and paths for different traffic at manageable costs and for massive numbers of applications. Now, picture a future Internet where each entity - a person, an organization, or an autonomous system - has the ability to choose how traffic in their respective network sessions is routed and processed between itself and its counterparts. The network is, essentially, liberated from today's homogeneous IP-based routing and limited connection options. To realize such a network paradigm, we propose a software defined exchange architecture that can provide the needed network programmability, session-level customization, and scale. We present a case study for traffic-analysis-resistant communication among individuals, campuses, or web services, where IP addresses no longer need to have a one-to-one correspondence with service providers.
{"title":"Internet Security Liberated via Software Defined Exchanges","authors":"Kuang-Ching Wang, R. Brooks, C. Barrineau, Jon Oakley, Lu Yu, Qing Wang","doi":"10.1145/3180465.3180475","DOIUrl":"https://doi.org/10.1145/3180465.3180475","url":null,"abstract":"","PeriodicalId":20513,"journal":{"name":"Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization","volume":"85 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2018-03-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"80956054","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The growth of malware poses a major threat to internet users, governments, and businesses around the world. One of the major types of malware, ransomware, encrypts a user's sensitive information and only returns the original files to the user after a ransom is paid. As malware developers shift the delivery of their product from HTTP to HTTPS to protect themselves from payload inspection, we can no longer rely on deep packet inspection to extract features for malware identification. Toward this goal, we propose a solution leveraging a recent trend in networking hardware, that is, programmable forwarding engines (PFEs). PFEs allow collection of per-packet network monitoring data at high rates. We use this data to monitor the network traffic between an infected computer and the command and control (C&C) server. We extract high-level flow features from this traffic and use this data for ransomware classification. We write a stream processor and use a random forest binary classifier to utilize these rich flow records in fingerprinting malicious network activity without the requirement of deep packet inspection. Our classification model achieves a detection rate in excess of 0.86, while maintaining a false negative rate under 0.11. Our results suggest that a flow-based fingerprinting method is feasible and accurate enough to catch ransomware before encryption.
{"title":"Machine Learning-Based Detection of Ransomware Using SDN","authors":"Greg Cusack, Oliver Michel, Eric Keller","doi":"10.1145/3180465.3180467","DOIUrl":"https://doi.org/10.1145/3180465.3180467","url":null,"abstract":"","PeriodicalId":20513,"journal":{"name":"Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization","volume":"72 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2018-03-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"86275608","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
M. Stoecklin, Jialong Zhang, F. Araujo, Teryl Taylor
Honeypots have been widely employed to track attackers' activities and divert potential threats against real assets. A critical challenge of honeypot research is how to better integrate deceptive honeypots as part of an overall production network. Conventional honeypots are typically deployed as separate assets near those they are protecting; they are not in the direct line of fire. Such a setup does not effectively protect real assets since attackers do not require a full network scan to identify certain production hosts. In this paper, we present a novel framework to transparently project vulnerable honey services atop real production systems without interfering with the production system. The key idea is to use SDN technology to divide a production network into segments of production and decoy servers. Traffic intended for production workloads is redirected to decoys based on port or service information. The decoy servers run "vulnerable" services that are heavily monitored. From the attackers' perspective, these vulnerable services run on production systems, but traffic is instead relayed to a honeypot with the same configuration (e.g., IP address, MAC address, running services) as the protected production system. In this way, our approach capitalizes on capturing attacks before they reach protected assets. We demonstrate its feasibility with a prototype implementation and practical deployment model. Evaluation shows that our approach incurs negligible overhead and resists potential side channel fingerprinting attacks.
{"title":"Dressed up: Baiting Attackers through Endpoint Service Projection","authors":"M. Stoecklin, Jialong Zhang, F. Araujo, Teryl Taylor","doi":"10.1145/3180465.3180466","DOIUrl":"https://doi.org/10.1145/3180465.3180466","url":null,"abstract":"","PeriodicalId":20513,"journal":{"name":"Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization","volume":"136 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2018-03-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"79642151","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The paradigm shift to the Internet of Things (IoT) and the emergence of the edge computing concept have brought huge potential for various future IoT application scenes such as smart home, smart transportation, smart health, smart grids, and smart energy. They also bring a series of new Cybersecurity challenges. We envision that many new research and innovation opportunities will emerge in the conjunction of "Cybersecurity + edge computing + IoT + AI". In this article, we will discuss the major new Cybersecurity challenges and the related opportunities in such a vision.
{"title":"Cybersecurity Challenges and Opportunities in the New \"Edge Computing + IoT\" World","authors":"Jianli Pan, Zhicheng Yang","doi":"10.1145/3180465.3180470","DOIUrl":"https://doi.org/10.1145/3180465.3180470","url":null,"abstract":"","PeriodicalId":20513,"journal":{"name":"Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization","volume":"49 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2018-03-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"86796024","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}