{"title":"DRIVE: Dynamic Runtime Integrity Verification and Evaluation","authors":"André Rein","doi":"10.1145/3052973.3052975","DOIUrl":"https://doi.org/10.1145/3052973.3052975","url":null,"abstract":"Classic security techniques use patterns (e.g., virus scanner) for detecting malicious software, compiler features (e.g., canaries, tainting) or hardware memory protection features (e.g., DEP) for protecting software. An alternative approach is the verification of software based on the comparison between the binary code loaded before runtime and the actual memory image during runtime. The expected memory image is predictable based on the ELF-file, the loading mechanism, and its allocated memory addresses. Using binary files as references for verifying the memory during execution allows for the definition of white-lists based on the actual software used. This enables a novel way of detecting sophisticated attacks to executed code, which is not considered by current approaches. This paper presents the background, design, implementation, and verification of a non-intrusive runtime memory verification concept, which is based on the comparison of binary executables and the actual memory image.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":"36 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"82041993","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"PayBreak: Defense Against Cryptographic Ransomware","authors":"Eugene Kolodenker, W. Koch, G. Stringhini, Manuel Egele","doi":"10.1145/3052973.3053035","DOIUrl":"https://doi.org/10.1145/3052973.3053035","url":null,"abstract":"Similar to criminals in the physical world, cyber-criminals use a variety of illegal and immoral means to achieve monetary gains. Recently, malware known as ransomware started to leverage strong cryptographic primitives to hold victims' computer files \"hostage\" until a ransom is paid. Victims, with no way to defend themselves, are often advised to simply pay. Existing defenses against ransomware rely on ad-hoc mitigations that target the incorrect use of cryptography rather than generic live protection. To fill this gap in the defender's arsenal, we describe the approach, prototype implementation, and evaluation of a novel, automated, and most importantly proactive defense mechanism against ransomware. Our prototype, called PayBreak, effectively combats ransomware, and keeps victims' files safe. PayBreak is based on the insight that secure file encryption relies on hybrid encryption where symmetric session keys are used on the victim computer. PayBreak observes the use of these keys, holds them in escrow, and thus, can decrypt files that would otherwise only be recoverable by paying the ransom. Our prototype leverages low overhead dynamic hooking techniques and asymmetric encryption to realize the key escrow mechanism which allows victims to restore the files encrypted by ransomware. We evaluated PayBreak for its effectiveness against twenty hugely successful families of real-world ransomware, and demonstrate that our system can restore all files that are encrypted by samples from twelve of these families, including the infamous CryptoLocker, and more recent threats such as Locky and SamSam. Finally, PayBreak performs its protection task at negligible performance overhead for common office workloads and is thus ideally suited as a proactive online protection system.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":"47 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"83341624","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Session details: Applied Crypto","authors":"Frederik Armknecht","doi":"10.1145/3248564","DOIUrl":"https://doi.org/10.1145/3248564","url":null,"abstract":"","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":"27 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"83739744","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"MoPS: A Modular Protection Scheme for Long-Term Storage","authors":"Christian Weinert, Denise Demirel, M. Vigil, Matthias Geihs, J. Buchmann","doi":"10.1145/3052973.3053025","DOIUrl":"https://doi.org/10.1145/3052973.3053025","url":null,"abstract":"Current trends in technology, such as cloud computing, allow outsourcing the storage, backup, and archiving of data. This provides efficiency and flexibility, but also poses new risks for data security. It in particular became crucial to develop protection schemes that ensure security even in the long-term, i.e. beyond the lifetime of keys, certificates, and cryptographic primitives. However, all current solutions fail to provide optimal performance for different application scenarios. Thus, in this work, we present MoPS, a modular protection scheme to ensure authenticity and integrity for data stored over long periods of time. MoPS does not come with any requirements regarding the storage architecture and can therefore be used together with existing archiving or storage systems. It supports a set of techniques which can be plugged together, combined, and migrated in order to create customized solutions that fulfill the requirements of different application scenarios in the best possible way. As a proof of concept we implemented MoPS and provide performance measurements. Furthermore, our implementation provides additional features, such as guidance for non-expert users and export functionalities for external verifiers.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":"3 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"73662155","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Localization of Spoofing Devices using a Large-scale Air Traffic Surveillance System","authors":"K. Jansen, Matthias Schäfer, Vincent Lenders, C. Pöpper, J. Schmitt","doi":"10.1145/3052973.3055158","DOIUrl":"https://doi.org/10.1145/3052973.3055158","url":null,"abstract":"Systems relying on satellite positioning techniques such as GPS can be targeted by spoofing attacks, where attackers try to inject fake positioning information. With the growing spread of flying drones and their usage of GPS for localization, these systems become interesting targets of attacks with the purpose of hijacking or to distract air safety surveillance. The most recent development in air traffic surveillance is the automatic dependent surveillance -- broadcast (ADS-B). Aircraft periodically broadcast their location, speed, or environmental measurements via ADS-B. The open research project OpenSky Network collects ADS-B reports and makes them available for research purposes. This poster presents a concept to detect and localize spoofing devices by utilizing the information provided by a large-scale air traffic surveillance system. We utilize ADS-B reports collected by the OpenSky Network and provide first results on the effectiveness of localizing spoofing sources.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":"21 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"72966559","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"PrivWatcher: Non-bypassable Monitoring and Protection of Process Credentials from Memory Corruption Attacks","authors":"Quan Chen, Ahmed M. Azab, G. Ganesh, P. Ning","doi":"10.1145/3052973.3053029","DOIUrl":"https://doi.org/10.1145/3052973.3053029","url":null,"abstract":"Commodity operating systems kernels are typically implemented using low-level unsafe languages, which leads to the inevitability of memory corruption vulnerabilities. Multiple defense techniques are widely adopted to mitigate the impact of memory corruption on executable code and control data. Nevertheless, there has not been much attention to defend against corruption of non-control data despite the fact that previous incidents of kernel exploitation showed that corrupting non-control data is a real threat. We present PrivWatcher, a framework for monitoring and protecting the integrity of process credentials and their usage contexts from memory corruption attacks. PrivWatcher solves multiple challenges to achieve this objective. It introduces techniques to isolate and protect the data that define process credentials and guarantee the locality of this data within the protected memory. Then, by adopting a dual reference monitor model, it guarantees the Time of Check To Time of Use (TOCTTOU) consistency between verification and usage contexts for process credentials. Moreover, it provides a secure mechanism that allows the presumably protected kernel code to verify the protected data without relying on unprotected data fields. PrivWatcher provides non-bypassable integrity assurances for process credentials and can be adapted to enforce a variety of integrity policies. In this paper, we demonstrate an application of PrivWatcher that enforces the original semantics of the OS kernel's access control policy: a change in process privileges is legitimate only if an uncompromised kernel would have allowed it. We implemented a PrivWatcher prototype to protect Ubuntu Linux running on x86-64. Evaluation of our prototype showed that PrivWatcher is effective and efficient.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":"11 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"78696069","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Sharing Proofs of Retrievability across Tenants","authors":"Frederik Armknecht, J. Bohli, D. Froelicher, Ghassan O. Karame","doi":"10.1145/3052973.3052997","DOIUrl":"https://doi.org/10.1145/3052973.3052997","url":null,"abstract":"Proofs of Retrievability (POR) are cryptographic proofs which provide assurance to a single tenant (who creates tags using his secret material) that his files can be retrieved in their entirety. However, POR schemes completely ignore storage-efficiency concepts, such as multi-tenancy and data deduplication, which are being widely utilized by existing cloud storage providers. Namely, in deduplicated storage systems, existing POR schemes would incur an additional overhead for storing tenants' tags which grows linearly with the number of users deduplicating the same file. This overhead clearly reduces the (economic) incentives of cloud providers to integrate existing POR/PDP solutions in their offerings. In this paper, we propose a novel storage-efficient POR, dubbed SPORT, which transparently supports multi-tenancy and data deduplication. More specifically, SPORT enables tenants to securely share the same POR tags in order to verify the integrity of their deduplicated files. By doing so, SPORT considerably reduces the storage overhead borne by cloud providers when storing the tags of different tenants deduplicating the same content. We show that SPORT resists against malicious tenants/cloud providers (and against collusion among a subset of the tenants and the cloud). Finally, we implement a prototype based on SPORT, and evaluate its performance in a realistic cloud setting. Our evaluation results show that our proposal incurs tolerable computational overhead on the tenants and the cloud provider.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":"50 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"77214718","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"An Efficient KP-ABE with Short Ciphertexts in Prime OrderGroups under Standard Assumption","authors":"Jongkil Kim, W. Susilo, F. Guo, M. Au, S. Nepal","doi":"10.1145/3052973.3053003","DOIUrl":"https://doi.org/10.1145/3052973.3053003","url":null,"abstract":"We introduce an efficient Key-Policy Attribute-Based Encryption (KP-ABE) scheme in prime order groups. Our scheme is semi-adaptively secure under the decisional linear assumption and supports a large universe of attributes and multi-use of attributes. Those properties are critical for real applications of KP-ABE schemes since they enable an efficient and flexible access control. Prior to our work, existing KP-ABE schemes with short ciphertexts were in composite order groups or utilized either Dual Pairing Vector Spaces (DPVS) or Dual System Groups (DSG) in prime order groups. However, those techniques brought an efficiency loss. In this work, we utilize a nested dual system encryption which is a variant of Waters' dual system encryption (Crypto' 09) to achieve semi-adaptively secure KP-ABE. As a result, we obtain a new scheme having better efficiency compared to existing schemes while it keeps a semi-adaptive security under the standard assumption. We implement our scheme and compare its efficiency with the previous best work.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":"13 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"81204319","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Detecting Privileged Side-Channel Attacks in Shielded Execution with Déjà Vu","authors":"Sanchuan Chen, Xiaokuan Zhang, M. Reiter, Yinqian Zhang","doi":"10.1145/3052973.3053007","DOIUrl":"https://doi.org/10.1145/3052973.3053007","url":null,"abstract":"Intel Software Guard Extension (SGX) protects the confidentiality and integrity of an unprivileged program running inside a secure enclave from a privileged attacker who has full control of the entire operating system (OS). Program execution inside this enclave is therefore referred to as shielded. Unfortunately, shielded execution does not protect programs from side-channel attacks by a privileged attacker. For instance, it has been shown that by changing page table entries of memory pages used by shielded execution, a malicious OS kernel could observe memory page accesses from the execution and hence infer a wide range of sensitive information about it. In fact, this page-fault side channel is only an instance of a category of side-channel attacks, here called privileged side-channel attacks, in which privileged attackers frequently preempt the shielded execution to obtain fine-grained side-channel observations. In this paper, we present Deja Vu, a software framework that enables a shielded execution to detect such privileged side-channel attacks. Specifically, we build into shielded execution the ability to check program execution time at the granularity of paths in its control-flow graph. To provide a trustworthy source of time measurement, Deja Vu implements a novel software reference clock that is protected by Intel Transactional Synchronization Extensions (TSX), a hardware implementation of transactional memory. Evaluations show that Deja Vu effectively detects side-channel attacks against shielded execution and against the reference clock itself.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":"73 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"79152121","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Secure, Practical & Safe Packet Spoofing Service","authors":"W. Scott","doi":"10.1145/3052973.3055155","DOIUrl":"https://doi.org/10.1145/3052973.3055155","url":null,"abstract":"SP3 presents the design and implementation of a service to allow clients to send themselves a limited amount of network traffic from an arbitrary source IP address. Packet Spoofing is a powerful tool, although often misused, and has the potential to establish TCP connections between clients located behind NATs, to learn about network firewall policies, and to obscure communication patterns by separating source and destination. SP^3 is the first system to offer this capability as a service, while implementing safeguards to prevent malicious users from attacking others. This poster presents the design of SP^3.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":"27 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"90584372","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}