
Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security: latest papers

EncKV: An Encrypted Key-value Store with Rich Queries
Xingliang Yuan, Yu Guo, Xinyu Wang, Cong Wang, Baochun Li, X. Jia
Distributed data stores have been rapidly evolving to serve the needs of large-scale applications such as online gaming and real-time targeting. In particular, distributed key-value stores have been widely adopted due to their superior performance. However, these systems do not guarantee to provide strong protection of data confidentiality, and as a result fall short of addressing serious privacy concerns raised from massive data breaches. In this paper, we introduce EncKV, an encrypted key-value store with secure rich query support. First, EncKV stores encrypted data records with multiple secondary attributes in the form of encrypted key-value pairs. Second, it leverages the latest practical primitives for searching over encrypted data, i.e., searchable symmetric encryption and order-revealing encryption, and provides encrypted indexes with guaranteed security to support exact-match and range-match queries via secondary attributes of data records. Third, it carefully integrates these indexes into a distributed index framework to facilitate secure query processing in parallel. To mitigate recent inference attacks on encrypted database systems, EncKV protects the order information during range queries, and presents an interactive batch query mechanism to further hide the associations across data values on different attributes. We implement an EncKV prototype on a Redis cluster, and conduct an extensive set of performance evaluations on the Amazon EC2 public cloud platform. Our results show that EncKV effectively preserves the efficiency and scalability of plaintext distributed key-value stores.
DOI: https://doi.org/10.1145/3052973.3052977 | Published: 2017-04-02 | Citations: 38
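The abstract describes two building blocks: encrypted records stored as key-value pairs, and a searchable-symmetric-encryption index over secondary attributes that lets an untrusted store answer exact-match queries without seeing attribute values. The following is an added, simplified illustration of that exact-match index (not the EncKV prototype's own code, and not the paper's construction): the client derives a per-keyword token with a PRF, each matching record id sits under a label PRF(token, counter), and the server walks those labels until one is missing. The HMAC-based PRF, the toy XOR encryption standing in for AES-GCM, and the player records are all assumptions made for the example; the order-revealing range index and the batch-query mechanism are not shown.

```python
import hashlib
import hmac
import json
import os
from collections import defaultdict


def prf(key: bytes, msg: bytes) -> bytes:
    """PRF instantiated as HMAC-SHA256; every token and label below derives from it."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = length // 32 + 1
    return b"".join(prf(key, nonce + i.to_bytes(4, "big")) for i in range(blocks))[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Toy randomised encryption (nonce || plaintext XOR HMAC keystream): a stdlib-only
    stand-in for AES-GCM. Confidentiality only; a real deployment needs an AEAD."""
    nonce = os.urandom(16)
    ks = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct = blob[:16], blob[16:]
    ks = _keystream(key, nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


class UntrustedStore:
    """Server side (a Redis stand-in): holds only PRF labels and ciphertexts and
    answers an exact-match query by walking the counter-derived labels of a token."""

    def __init__(self):
        self.kv: dict[bytes, bytes] = {}

    def put(self, label: bytes, value: bytes) -> None:
        self.kv[label] = value

    def get(self, label: bytes):
        return self.kv.get(label)

    def exact_match(self, token: bytes) -> list[bytes]:
        hits, c = [], 0
        while (v := self.kv.get(prf(token, c.to_bytes(4, "big")))) is not None:
            hits.append(v)
            c += 1
        return hits


class Client:
    """Trusted side: owns the master key and the per-keyword counters."""

    def __init__(self, master_key: bytes, store: UntrustedStore):
        self.k_tok = prf(master_key, b"token")    # derives search tokens
        self.k_rec = prf(master_key, b"record")   # derives record labels
        self.k_enc = prf(master_key, b"encrypt")  # data encryption key
        self.counters: dict[bytes, int] = defaultdict(int)
        self.store = store

    def _token(self, attr: str, value: str) -> bytes:
        return prf(self.k_tok, f"{attr}={value}".encode())

    def put(self, record_id: str, record: dict) -> None:
        # primary entry: the label hides the id, the value hides the record
        self.store.put(prf(self.k_rec, record_id.encode()),
                       seal(self.k_enc, json.dumps(record).encode()))
        # secondary index: one (token, counter) label per attribute value
        for attr, value in record.items():
            tok = self._token(attr, str(value))
            c = self.counters[tok]
            self.counters[tok] = c + 1
            self.store.put(prf(tok, c.to_bytes(4, "big")),
                           seal(self.k_enc, record_id.encode()))

    def query(self, attr: str, value: str) -> list[dict]:
        tok = self._token(attr, value)  # the only thing the server learns about the query
        ids = [unseal(self.k_enc, v).decode() for v in self.store.exact_match(tok)]
        return [json.loads(unseal(self.k_enc, self.store.get(prf(self.k_rec, i.encode()))).decode())
                for i in ids]


def demo():
    """Constructed sample data: three player records indexed by region and level."""
    store = UntrustedStore()
    client = Client(os.urandom(32), store)
    client.put("p1", {"name": "alice", "region": "eu-west", "level": 7})
    client.put("p2", {"name": "bob", "region": "us-east", "level": 7})
    client.put("p3", {"name": "carol", "region": "eu-west", "level": 3})
    return store, client
```

Even in this reduced form the leakage the abstract warns about is visible: the server learns the token for each queried keyword (search pattern) and which labels matched (access pattern), which is exactly what inference attacks on encrypted databases exploit and what the paper's interactive batch queries aim to blur.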
Pass-O: A Proposal to Improve the Security of Pattern Unlock Scheme
Harshal Tupsamudre, Vijayanand Banahatti, S. Lodha, Ketan Vyas
The graphical pattern unlock scheme, which requires users to connect a minimum of 4 nodes on a 3x3 grid, is one of the most popular authentication mechanisms on mobile devices. However, prior research suggests that users' pattern choices are highly biased and hence vulnerable to guessing attacks. Moreover, 3x3 pattern choices are devoid of features such as longer stroke lengths, direction changes and intersections that are considered to be important in preventing shoulder-surfing attacks. We attribute these insecure practices to the geometry of the grid and its complicated drawing rules, which prevent users from realising the full potential of graphical passwords. In this paper, we propose and explore an alternate circular layout referred to as Pass-O which, unlike the grid layout, allows a connection between any two nodes, thus simplifying the pattern drawing rules. Consequently, Pass-O produces a theoretical search space of 985,824, almost 2.5 times greater than the 3x3 grid layout. We compare the security of 3x3 and Pass-O patterns theoretically as well as empirically. Theoretically, Pass-O patterns are uniform and have greater visual complexity due to the large number of intersections. To perform empirical analysis, we conduct a large-scale web-based user study and collect more than 123,000 patterns from 21,053 users. After examining user-chosen 3x3 and Pass-O patterns across different metrics such as pattern length, stroke length, start point, end point, repetitions, number of direction changes and intersections, we find that Pass-O patterns are much more secure than 3x3 patterns.
DOI: https://doi.org/10.1145/3052973.3053041 | Published: 2017-04-02 | Citations: 17
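The 985,824 figure and the "almost 2.5 times" comparison follow directly from the drawing rules the abstract states: Pass-O permits any two nodes to be joined, so its space is every ordered selection of 4 to 9 of the 9 nodes, while the 3x3 grid forbids a stroke from passing over an unvisited node. The script below is an added example (not the authors' code) that counts both spaces; the Android snapping rule it implements for the grid, and the uniform-choice entropy figure, are the usual assumptions and are not taken from the paper.

```python
"""Theoretical pattern space of the 3x3 grid versus the Pass-O circular layout."""
from math import log2, perm

NODES, MIN_LEN, MAX_LEN = 9, 4, 9


def pass_o_space() -> int:
    """Pass-O: any two nodes may be joined directly, so every ordered selection
    of 4..9 distinct nodes is a valid pattern."""
    return sum(perm(NODES, k) for k in range(MIN_LEN, MAX_LEN + 1))


def _skipped_node(a: int, b: int):
    """Grid node lying exactly between nodes a and b (row-major 0..8), or None.
    A stroke may only pass over such a node once it has been visited."""
    ra, ca = divmod(a, 3)
    rb, cb = divmod(b, 3)
    if a == b or (ra + rb) % 2 or (ca + cb) % 2:
        return None
    return ((ra + rb) // 2) * 3 + (ca + cb) // 2


def grid_space() -> int:
    """3x3 grid with the Android drawing rule, counted by depth-first search."""
    total = 0

    def extend(last: int, visited: int, length: int) -> None:
        nonlocal total
        if length >= MIN_LEN:
            total += 1
        if length == MAX_LEN:
            return
        for nxt in range(NODES):
            if visited & (1 << nxt):
                continue
            mid = _skipped_node(last, nxt)
            if mid is not None and not visited & (1 << mid):
                continue  # the stroke would snap to the unvisited node in between
            extend(nxt, visited | (1 << nxt), length + 1)

    for start in range(NODES):
        extend(start, 1 << start, 1)
    return total


def entropy_bits(space: int) -> float:
    """Guessing resistance if patterns were chosen uniformly; an upper bound only,
    since the abstract's point is that real choices are heavily biased."""
    return log2(space)
```

The gap in theoretical entropy is small (about 18.6 versus 19.9 bits), which is why the paper's empirical study of what users actually draw matters more than the raw count.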
Almost Universal Forgery Attacks on the COPA and Marble Authenticated Encryption Algorithms
Jiqiang Lu
The COPA authenticated encryption mode was proved to have birthday-bound security on integrity, and its instantiation AES-COPA (v1/2) was claimed or conjectured to have full security on tag guessing. The Marble (v1.0/1.1/1.2) authenticated encryption algorithm was claimed to have full security on authenticity. Both AES-COPA (v1) and Marble (v1.0) were submitted to the Competition for Authenticated Encryption: Security, Applicability, and Robustness (CAESAR) in 2014; Marble was revised twice (v1.1/1.2) in the first round of CAESAR, and AES-COPA (v1) was tweaked (v2) for the second round. In this paper, we cryptanalyse the basic cases of COPA, AES-COPA and Marble, which process messages whose length is a multiple of the block size; we present collision-based almost universal forgery attacks on the basic cases of COPA, AES-COPA (v1/2) and Marble (v1.0/1.1/1.2), and show that the basic cases of COPA and AES-COPA have roughly at most birthday-bound security on tag guessing and the basic case of Marble has roughly at most birthday-bound security on authenticity. The attacks on COPA and AES-COPA do not violate their birthday-bound security proof on integrity, but the attack on AES-COPA violates its full security claim or conjecture on tag guessing. Therefore, the full security claim or conjecture on tag guessing of AES-COPA and the full security claim on authenticity of Marble are far overestimated, in the sense of a general understanding of full security for these security notions. Designers should pay attention to these attacks when designing authenticated encryption algorithms with similar structures in the future, and should be careful when claiming the security of an advanced form of a security notion without a corresponding proof, having proved the security of the notion only in its most fundamental form.
DOI: https://doi.org/10.1145/3052973.3052981 | Published: 2017-04-02 | Citations: 6
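The abstract's distinction between "full security" and "birthday-bound security" is a difference between roughly 2^n and 2^(n/2) work for an n-bit tag. The following added example (not the paper's attack, which works on the internal structure of COPA and Marble) shows the generic birthday gap that collision-based forgeries exploit: with a truncated hash standing in for a toy 24-bit tag (an assumption chosen so the search finishes instantly), a collision appears after a few thousand queries rather than the 2^24 that tag guessing would require.

```python
import hashlib
from math import pi, sqrt

TAG_BITS = 24  # toy size so the search finishes instantly; real tags are 128 bits


def toy_tag(message: bytes, bits: int = TAG_BITS) -> int:
    """Stand-in for an n-bit authentication tag: SHA-256 truncated to `bits` bits.
    Unkeyed, so it only models the output-size effect, not a real MAC."""
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return digest >> (256 - bits)


def birthday_collision(tag_fn, bits: int):
    """Query distinct messages until two of them share a tag.
    Returns (m1, m2, queries); the expected work is sqrt(pi/2 * 2^bits), not 2^bits."""
    seen = {}
    for i in range(1 << bits):
        msg = i.to_bytes(8, "big")
        t = tag_fn(msg, bits)
        if t in seen:
            return seen[t], msg, i + 1
        seen[t] = msg
    raise RuntimeError("no collision found; tag function is not behaving randomly")


def expected_queries(bits: int) -> float:
    """Expected number of queries before the first collision (birthday bound)."""
    return sqrt(pi / 2 * 2 ** bits)


def full_security_queries(bits: int) -> int:
    """What 'full security on tag guessing' would demand: about 2^n guesses."""
    return 2 ** bits
```

For a 128-bit tag the two figures are about 2^64 and 2^128 queries; a claim of full security is only meaningful if no internal collision, of the kind the paper constructs, can be turned into a forgery at the lower cost.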
Session details: Mobile Apps & Markets
W. Enck
DOI: https://doi.org/10.1145/3248548 | Published: 2017-04-02 | Citations: 0
Session details: Storage Security
Long Lu
DOI: https://doi.org/10.1145/3248556 | Published: 2017-04-02 | Citations: 0
Session details: Embedded Systems Security 1
Daphne Yao
DOI: https://doi.org/10.1145/3248549 | Published: 2017-04-02 | Citations: 0
The Role of Hosting Providers in Fighting Command and Control Infrastructure of Financial Malware
Samaneh Tajalizadehkhoob, C. Gañán, Arman Noroozian, M. V. Eeten
A variety of botnets are used in attacks on financial services. Banks and security firms invest a lot of effort in detecting and combating malware-assisted takeover of customer accounts. A critical resource of these botnets is their command-and-control (C&C) infrastructure. Attackers rent or compromise servers to operate their C&C infrastructure. Hosting providers routinely take down C&C servers, but the effectiveness of this mitigation strategy depends on understanding how attackers select the hosting providers that host their servers. Do they prefer, for example, providers who are slow or unwilling to take down C&Cs? In this paper, we analyze 7 years of data on the C&C servers of botnets that have engaged in attacks on financial services. Our aim is to understand whether attackers prefer certain types of providers or whether their C&Cs are randomly distributed across the whole attack surface of the hosting industry. We extract a set of structural properties of providers to capture the attack surface. We model the distribution of C&Cs across providers and show that the mere size of the provider can explain around 71% of the variance in the number of C&Cs per provider, whereas the rule of law in the country only explains around 1%. We further observe that price, time in business, popularity and the ratio of vulnerable websites of providers relate significantly with C&C counts. Finally, we find that the speed with which providers take down C&C domains has only a weak relation with C&C occurrence rates, adding only 1% explained variance. This suggests attackers have little to no preference for providers who allow long-lived C&C domains.
DOI: https://doi.org/10.1145/3052973.3053023 | Published: 2017-04-02 | Citations: 11
WedgeTail: An Intrusion Prevention System for the Data Plane of Software Defined Networks
Arash Shaghaghi, M. Kâafar, Sanjay Jha
Networks are vulnerable to disruptions caused by malicious forwarding devices. The situation is likely to worsen in Software Defined Networks (SDNs) with the incompatibility of existing solutions, the use of programmable soft switches and the potential of bringing down an entire network through compromised forwarding devices. In this paper, we present WedgeTail, an Intrusion Prevention System (IPS) designed to secure the SDN data plane. WedgeTail regards forwarding devices as points within a geometric space and stores the path packets take when traversing the network as trajectories. To be efficient, it prioritizes forwarding devices before inspection using an unsupervised trajectory-based sampling mechanism. For each forwarding device, WedgeTail computes the expected and actual trajectories of packets and 'hunts' for any forwarding device not processing packets as expected. Compared to related work, WedgeTail is also capable of distinguishing between malicious actions such as packet drop and generation. Moreover, WedgeTail employs a radically different methodology that enables detecting threats autonomously. In fact, it has no reliance on pre-defined rules by an administrator and may be easily imported to protect SDN networks with different setups, forwarding devices, and controllers. We have evaluated WedgeTail in simulated environments, and it has been capable of detecting and responding to all implanted malicious forwarding devices within a reasonable time-frame. We report on the design, implementation, and evaluation of WedgeTail in this manuscript.
DOI: https://doi.org/10.1145/3052973.3053039 | Published: 2017-04-02 | Citations: 47
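The core check the abstract describes is a comparison of the trajectory a packet should take, derived from the controller's flow rules, against the trajectory it actually took, with the first point of disagreement naming the suspect device. The example below is an added illustration of that comparison (not WedgeTail's code): the three-switch topology, its flow tables, and the observed trajectories are constructed for the example, and the observed paths are assumed to come from some per-switch telemetry that the example does not model. It also makes the drop-versus-generation distinction the abstract mentions.

```python
from ipaddress import ip_address, ip_network

# Constructed flow tables: switch -> {dst prefix: next hop}. Names starting with
# 'h' are hosts (no table): the point where a packet leaves the data plane.
FLOW_TABLES = {
    "s1": {"10.0.1.0/24": "h1", "10.0.2.0/24": "s2"},
    "s2": {"10.0.1.0/24": "s1", "10.0.2.0/24": "s3"},
    "s3": {"10.0.1.0/24": "s2", "10.0.2.0/24": "h2"},
}


def next_hop(table: dict, dst: str):
    """Longest-prefix match over one switch's rules; None if nothing matches."""
    addr = ip_address(dst)
    best = max((ip_network(p) for p in table if addr in ip_network(p)),
               key=lambda n: n.prefixlen, default=None)
    return table[str(best)] if best else None


def expected_trajectory(ingress: str, dst: str, tables=FLOW_TABLES, max_hops=32):
    """Path the installed rules say a packet to dst should take from ingress."""
    path, node = [ingress], ingress
    while node in tables and len(path) < max_hops:
        nxt = next_hop(tables[node], dst)
        if nxt is None:  # policy black hole: not a misbehaving device
            break
        path.append(nxt)
        node = nxt
    return path


def diagnose(expected: list, observed: list):
    """Compare the trajectory a packet actually took with the expected one and
    name the suspect device: ('ok' | 'dropped' | 'misrouted' | 'injected', device)."""
    if observed == expected:
        return ("ok", None)
    common = 0
    for e, o in zip(expected, observed):
        if e != o:
            break
        common += 1
    if common == 0:
        return ("injected", observed[0])        # never entered at the ingress: generated
    if common == len(observed):
        return ("dropped", observed[-1])        # last device that saw it did not forward
    return ("misrouted", observed[common - 1])  # forwarded to the wrong neighbour


def audit(ingress: str, dst: str, observed: list, tables=FLOW_TABLES):
    return diagnose(expected_trajectory(ingress, dst, tables), observed)
```

Because the verdict is derived from the flow rules and the observed path alone, no administrator-written signature is needed, which is the property the abstract stresses; the cost is that the check is only as trustworthy as the telemetry the observed trajectory comes from.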
SCM: Secure Code Memory Architecture
Ruan de Clercq, Ronald De Keulenaer, Pieter Maene, B. Preneel, B. D. Sutter, I. Verbauwhede
An increasing number of applications implemented on a SoC (System-on-chip) require security features. This work addresses the issue of protecting the integrity of code and read-only data that is stored in memory. To this end, we propose a new architecture called SCM, which works as a standalone IP core in a SoC. To the best of our knowledge, there exists no architectural elements similar to SCM that offer the same strict security guarantees while, at the same time, not requiring any modifications to other IP cores in its SoC design. In addition, SCM has the flexibility to select the parts of the software to be protected, which eases the integration of our solution with existing software. The evaluation of SCM was done on the Zynq platform which features an ARM processor and an FPGA. The design was evaluated by executing a number of different benchmarks from memory protected by SCM, and we found that it introduces minimal overhead to the system.
DOI: https://doi.org/10.1145/3052973.3053044 | Published: 2017-04-02 | Citations: 1
BinSequence: Fast, Accurate and Scalable Binary Code Reuse Detection
He Huang, A. Youssef, M. Debbabi
Code reuse detection is a key technique in reverse engineering. However, existing source code similarity comparison techniques are not applicable to binary code. Moreover, compilers have made this problem even more difficult due to the fact that different assembly code and control flow structures can be generated by the compilers even when implementing the same functionality. To address this problem, we present a fuzzy matching approach to compare two functions. We first obtain an initial mapping between basic blocks by leveraging the concept of longest common subsequence on the basic block level and execution path level. We then extend the achieved mapping using neighborhood exploration. To make our approach applicable to large data sets, we designed an effective filtering process using Minhashing. Based on the proposed approach, we implemented a tool named BinSequence and conducted extensive experiments with it. Our results show that given a large assembly code repository with millions of functions, BinSequence is efficient and can attain high quality similarity ranking of assembly functions with an accuracy of above 90%. We also present several practical use cases including patch analysis, malware analysis and bug search.
DOI: 10.1145/3052973.3052974 (https://doi.org/10.1145/3052973.3052974) | Published: 2017-04-02 | Venue: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security | Source: Semantic Scholar, paper id 87593819
Citations: 59
Journal
Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security