Pub Date: 2016-05-24
DOI: 10.4108/eai.3-12-2015.2262516
A. Javaid, Quamar Niyaz, Weiqing Sun, Mansoor Alam
A Network Intrusion Detection System (NIDS) helps system administrators to detect network security breaches in their organizations. However, many challenges arise while developing a flexible and efficient NIDS for unforeseen and unpredictable attacks. We propose a deep learning based approach for developing such an efficient and flexible NIDS. We use Self-taught Learning (STL), a deep learning based technique, on NSL-KDD, a benchmark dataset for network intrusion. We present the performance of our approach and compare it with a few previous works. Compared metrics include accuracy, precision, recall, and f-measure values.
Title: A Deep Learning Approach for Network Intrusion Detection System. Journal: EAI Endorsed Trans. Security Safety.
Pub Date: 2016-05-24
DOI: 10.4108/eai.3-12-2015.2262519
W. Casey, Parisa Memarmoshrefi, Ansgar Kellner, J. Morales, B. Mishra
Maintenance and verification of persistent identities is an important problem in the area of networking. Particularly, their critical roles in Wireless Ad-hoc networks (WANETs) have become even more prominent as they begin to be deployed in several application domains. In these contexts, Sybil attacks, making use of replicated deceptive identities, represent a major challenge for the designers of these networks. Inspired by biological models of ant colonies and their dynamics studied via information asymmetric signaling games, we propose an architecture that can withstand Sybil attacks, similar to ants, which, using complex chemical signaling systems and associated physical actions, naturally 'authenticate' colony members. Here, we present a biomimetic authentication protocol with mechanisms similar to the physical processes of chemical diffusion, and formalize approaches to tame the deceptive use of identities; we dub the resulting game an "identity management signaling game". To consider a network system of nodes pursuing non-cooperative and deceptive strategies, we develop an evolutionary game system allowing cooperative nodes to mutate deceptive strategies. We empirically study the dynamics using simulation experiments to select the parameters which affect the overall behaviors. Through experimentation we consider how an incentive package in the form of a shared database can impact system behavior.
Title: Identity Deception and Game Deterrence via Signaling Games. Journal: EAI Endorsed Trans. Security Safety.
Pub Date: 2016-05-24
DOI: 10.4108/eai.3-12-2015.2262505
Wataru Noguchi, H. Iizuka, Masahito Yamamoto
We propose a neural network architecture that can learn and integrate sequential multimodal information using Long Short Term Memory. Our model consists of encoder and decoder LSTMs and a multimodal autoencoder. For integrating sequential multimodal information, firstly, the encoder LSTM encodes a sequential input to a fixed range feature vector for each modality. Secondly, the multimodal autoencoder integrates the feature vectors from each modality and generates a fused feature vector which contains sequential multimodal information in a mixed form. The original feature vectors from each modality are re-generated from the fused feature vector in the multimodal autoencoder. The decoder LSTM decodes the sequential inputs from the regenerated feature vector. Our model is trained with the visual and motion sequences of humans and is tested by recall tasks. The experimental results show that our model can learn and remember the sequential multimodal inputs and decrease the ambiguity generated at the learning stage of LSTMs using integrated multimodal information. Our model can also recall the visual sequences from only the motion sequences and vice versa.
Title: Proposing Multimodal Integration Model Using LSTM and Autoencoder. Journal: EAI Endorsed Trans. Security Safety.
Pub Date: 2016-05-24
DOI: 10.4108/eai.3-12-2015.2262465
Han Zhang, Parisa Memarmoshrefi, Fatemeh Ashrafi, D. Hogrefe
In this work we focus on investigating the learning phase of an autonomous authentication mechanism. Through a series of simulations, an experimental best cutoff point and the aggression threshold values for different network sizes were calculated. In the test phase, those found values are proved by the average good accuracy.
Title: Investigating the Learning Phase of an Autonomous Authentication in Mobile Ad-hoc Networks. Journal: EAI Endorsed Trans. Security Safety.
Pub Date: 2016-05-24
DOI: 10.4108/eai.3-12-2015.2262471
Alexia Chatzikonstantinou, Christoforos Ntantogian, Georgios Karopoulos, C. Xenakis
Mobile application developers are using cryptography in their products to protect sensitive data like passwords, short messages, documents etc. In this paper, we study whether cryptography and related techniques are employed in a proper way, in order to protect these private data. To this end, we downloaded 49 Android applications from the Google Play marketplace and performed static and dynamic analysis in an attempt to detect possible cryptographic misuses. The results showed that 87.8% of the applications present some kind of misuse, while for the rest of them no cryptography usage was detected during the analysis. Finally, we suggest countermeasures, mainly intended for developers, to alleviate the issues identified by the analysis.
Title: Evaluation of Cryptography Usage in Android Applications. Journal: EAI Endorsed Trans. Security Safety.
Pub Date: 2016-01-04
DOI: 10.4108/eai.14-12-2015.2262650
Gian-Luca Dei Rossi, M. Iacono, A. Marin
The complexity of modern cloud facilities requires attentive management policies that should encompass all aspects of the system. Security is a critical issue, as intrusions, misuse or denial of service attacks may damage both the users and the cloud provider including its reputation on the market. Disruptive attacks happen fast, cause evident and short term damages and are usually the result of operations that are hard to disguise. On the other hand, Energy oriented Denial of Service (eDoS) attacks aim at producing continuous minor damages, eventually with long term consequences. These long lasting attacks are difficult to detect. In this paper we model and analyse the behaviour of a system under eDoS attack. We study the impact in terms of cloud energy consumption of an attack strategy previously proposed in the literature and compare it with other strategies that we propose. Our findings show that the strategy previously proposed in the literature, based on keeping the cloud close to saturation, is not optimal (from the point of view of the attacker) in presence of non-constant workload and that there is a trade-off between the aggressiveness of the attacker and the duration of the attack in order to maximise the damage.
Title: Evaluating the impact of eDoS attacks to cloud facilities. Journal: EAI Endorsed Trans. Security Safety.
Pub Date: 2016-01-04
DOI: 10.4108/eai.14-12-2015.2262698
Jianing Zhao, P. Kemper
Beyond its use to encrypt data, an encryption key can be used as a means to control access to data on a mobile device by leveraging a cloud service. This implies that a key is present in a mobile device only when it is on demand and authorized by the cloud; the key is evicted when it is not in use. CleanOS is an example system that is based on this concept. For security reasons, keys are stored only in DRAM memory during execution, which makes them susceptible to memory errors. In this paper, we identify scenarios where a memory error that damages a key can escalate to an unrecoverable data loss in a mobile system.
Title: Protecting Encryption Keys in Mobile Systems Against Memory Errors. Journal: EAI Endorsed Trans. Security Safety.
Pub Date: 2016-01-04
DOI: 10.4108/eai.14-12-2015.2262723
K. Keefe, W. Sanders
Reliability block diagram (RBD) models are a commonly used reliability analysis method. For static RBD models, combinatorial solution techniques are easy and efficient. However, static RBDs are limited in their ability to express varying system state, dependent events, and non-series-parallel topologies. A recent extension to RBDs, called Dynamic Reliability Block Diagrams (DRBD), has eliminated those limitations. This tool paper details the RBD implementation in the Möbius modeling framework and provides technical details for using RBDs independently or in composition with other Möbius modeling formalisms. The paper explains how the graphical front-end provides a user-friendly interface for specifying RBD models. The back-end implementation that interfaces with the Möbius AFI to define and generate executable models that the Möbius tool uses to evaluate system metrics is also detailed.
Title: Reliability Analysis with Dynamic Reliability Block Diagrams in the Möbius Modeling Tool. Journal: EAI Endorsed Trans. Security Safety.
Pub Date: 2015-12-22
DOI: 10.4108/EAI.14-10-2015.2261752
P. Curzon, A. Blandford, H. Thimbleby, A. Cox
Interactive medical devices such as infusion pumps, monitors and diagnostic devices help save lives. However, they are also safety critical in that they may fail in use and patient harm or death ensue. It is not just that the software and hardware should meet their specification. The design should help ensure users do not make mistakes. Safety factors become more important as medical devices become mobile and are used by patients as part of their everyday life rather than by trained professionals in well-defined hospital environments. Regulators are increasingly taking home-use seriously as a result of device recalls due to devices that have caused patient harm. We give insights from the research on the CHI+MED project (www.chi-med.ac.uk). It has focussed on understanding how the design of interactive medical devices can support safety. CHI+MED also developed practical tools and guidance that we review.
Title: Safer Interactive Medical Device Design: Insights from the CHI+MED Project. Journal: EAI Endorsed Trans. Security Safety.
Pub Date: 2015-10-05
DOI: 10.4108/eai.5-10-2015.150477
C. Kugler, Tilo Müller
Despite the fact that protection mechanisms like StackGuard, ASLR and NX are widespread, the development of new defense strategies against stack-based buffer overflows has not yet come to an end. In this article, we present a novel compiler-level protection called SCADS (Separated Control and Data Stacks) that protects return addresses and saved frame pointers on a separate stack, called the control stack. In common computer programs, a single user mode stack is used to store control information next to data buffers. By separating control information from the data stack, we can protect sensitive pointers of a program’s control flow from being overwritten by buffer overflows. To substantiate the practicability of our approach, we provide SCADS as an open source patch for the LLVM compiler infrastructure. Focusing on Linux and FreeBSD running on the AMD64 architecture, we show compatibility, security and performance results. As we make control flow information simply unreachable for buffer overflows, many exploits are stopped at an early stage of progression with only negligible performance overhead.
Title: Separated Control and Data Stacks to Mitigate Buffer Overflow Exploits. Journal: EAI Endorsed Trans. Security Safety.