More attention has been paid to program security since ROP was proposed. An ROP defence scheme based on detecting frequent set sequences was designed in 2009 and proved a useful way to defend against most ROP attacks. However, this scheme was bypassed by Lgadget, which makes use of long ret sequences and was proposed by J Cao in 2013. Based on J Cao's work, this paper improves the Lgadgets and designs a framework that automatically distributes gadget addresses into the stack to trigger an ROP exploit. Our work includes Turing-complete gadget gathering, definition and compilation of an upper-level language, and automated linking and chaining of the gadgets in the stack. We demonstrate the viability and effectiveness of this kind of automatic exploit.
{"title":"A-R Exploit: An Automatic ROP Exploit Based on Long Sequence","authors":"Chao Yang, Tao Zheng, Zhitian Lin","doi":"10.1109/SERE-C.2014.22","DOIUrl":"https://doi.org/10.1109/SERE-C.2014.22","journal":{"name":"2014 IEEE Eighth International Conference on Software Security and Reliability-Companion"},"publicationDate":"2014-06-30"}
Automated cyber attacks tend to be schedule and resource limited. The primary progress metric is often "coverage" of pre-determined "known" vulnerabilities that may not have been patched, along with possible zero-day exploits (if such exist). We present and discuss a hypergeometric process model that describes such attack patterns. We used web request signatures from the logs of a production web server to assess the applicability of the model.
{"title":"On Coverage-Based Attack Profiles","authors":"A. Rivers, M. Vouk, L. Williams","doi":"10.1109/SERE-C.2014.15","DOIUrl":"https://doi.org/10.1109/SERE-C.2014.15","journal":{"name":"2014 IEEE Eighth International Conference on Software Security and Reliability-Companion"},"publicationDate":"2014-06-30"}
Process Algebra for Demand and Supply (PADS for short), proposed by Philippou et al., is a process algebra model for the formal analysis of hierarchical scheduling. They introduce a basic notion of supply simulation relation to characterize a task's schedulability. In this paper, we first investigate some properties of the supply simulation relation. Then, based on these properties, we present a proof system for the supply simulation relation in a decomposing-composing way and prove its soundness and completeness with respect to the semantic definition of a supply simulation relation. The soundness and completeness guarantee that the proof system can be used to determine whether a task is schedulable by a supply or not.
{"title":"A Proof System in Process Algebra for Demand and Supply","authors":"Xinghua Yao, Yixiang Chen","doi":"10.1109/SERE-C.2014.44","DOIUrl":"https://doi.org/10.1109/SERE-C.2014.44","journal":{"name":"2014 IEEE Eighth International Conference on Software Security and Reliability-Companion"},"publicationDate":"2014-06-30"}
Siyuan Jiang, Raúl A. Santelices, Haipeng Cai, M. Grechanik
Dynamic program slicing attempts to find runtime dependencies among statements to support security, reliability, and quality tasks such as information-flow analysis, testing, and debugging. However, it is not known how accurately dynamic slices identify statements that really affect each other. We propose a new approach to estimate the accuracy of dynamic slices. We use this approach to obtain bounds on the accuracy of multiple dynamic slices in Java software. Early results suggest that dynamic slices suffer from some imprecision and, more critically, can have a low recall whose upper bound we estimate to be 60% on average.
{"title":"How Accurate Is Dynamic Program Slicing? An Empirical Approach to Compute Accuracy Bounds","authors":"Siyuan Jiang, Raúl A. Santelices, Haipeng Cai, M. Grechanik","doi":"10.1109/SERE-C.2014.14","DOIUrl":"https://doi.org/10.1109/SERE-C.2014.14","journal":{"name":"2014 IEEE Eighth International Conference on Software Security and Reliability-Companion"},"publicationDate":"2014-06-30"}
An increasing number of web applications are now hosted in cloud infrastructures such as Amazon Web Services. Cloud infrastructures generally lack a uniform guarantee on security, reliability, performance, and cost. A privately owned cloud infrastructure may be considered more secure but less performant than a third-party public cloud infrastructure. Infrastructures that span geographical regions may further complicate the trustworthiness of infrastructures due to the varying power of jurisdiction. Application developers have to be aware of the non-uniformity of infrastructure trustworthiness when deploying applications in the cloud. We propose the MicroApp architecture, which helps address the difficulty in dealing with the non-uniformity. MicroApp splits a web application into multiple micro applications. Each micro application encapsulates a part of the code and data with the same level of security and integrity requirement. The micro applications will then be deployed to corresponding infrastructures that satisfy the respective requirements. MicroApp provides an RPC mechanism to allow control flows across micro applications. The architecture can be transparently applied to existing web applications and allows an application to effectively adapt to the cloud environment.
{"title":"MicroApp: Architecting Web Application for Non-uniform Trustworthiness in Cloud Computing Environment","authors":"Yen-Chun Hsu, Yu-Sung Wu, Tsung-Han Tsai, Yi Pin Chiu, Chihhung Lin, Zhi-Wei Chen","doi":"10.1109/SERE-C.2014.27","DOIUrl":"https://doi.org/10.1109/SERE-C.2014.27","journal":{"name":"2014 IEEE Eighth International Conference on Software Security and Reliability-Companion"},"publicationDate":"2014-06-30"}
Runtime verification with a predictive semantics defines how to monitor a temporal property in a predictive manner. In this paper, we propose a predictive runtime verification framework for Cyber-Physical Systems (CPS), which are usually open embedded systems, aiming to predict the runtime failures of CPS before the failures really happen. We present the method for online predictions based on the program information and the runtime information. We have implemented a prototype framework based on JavaMOP. The experimental results demonstrate that our framework is generally applicable.
{"title":"A Predictive Runtime Verification Framework for Cyber-Physical Systems","authors":"Kang Yu, Zhenbang Chen, Wei Dong","doi":"10.1109/SERE-C.2014.43","DOIUrl":"https://doi.org/10.1109/SERE-C.2014.43","journal":{"name":"2014 IEEE Eighth International Conference on Software Security and Reliability-Companion"},"publicationDate":"2014-06-30"}
Sizhao Li, Shan Lin, Deming Chen, W. Wong, Donghui Guo
In this paper, a cache coherence scheme for multi-processor systems is introduced. Each kind of software has a specific model, and cache coherence can be solved on the AHB bus by these models. First, we use a dynamic address mapping policy to realize the data cache. Second, according to the randomness of the application environment, we set up a shared cache adaptive configuration and management mechanism in the finite state machine timing sequence model of each kind of software, to ensure system reliability. In order to support a multi-tasking and multi-user operating system, Linux, the multi-processor must use shared memory technology, so this paper also introduces the memory management unit and, based on these, focuses on how the multi-processor and the AHB bus cooperate to ensure cache coherence of the whole system. We can use the software execution model and hardware design to achieve instruction or data coherence between each cache and main memory.
{"title":"Analysis of System Reliability for Cache Coherence Scheme in Multi-processor","authors":"Sizhao Li, Shan Lin, Deming Chen, W. Wong, Donghui Guo","doi":"10.1109/SERE-C.2014.47","DOIUrl":"https://doi.org/10.1109/SERE-C.2014.47","journal":{"name":"2014 IEEE Eighth International Conference on Software Security and Reliability-Companion"},"publicationDate":"2014-06-30"}
L. Zheng, Yangbing Wu, Dan Zhang, Liwei Lin, Donghui Guo
A multiphysics model of a Micro-CVD chip for growing carbon nanotubes is presented in this paper. The proposed model covers structural, thermal and electric analyses and takes into consideration all modes of heat dissipation, including heat convection, conduction and radiation. The temperature dependence of thermophysical properties and heat transfer properties is also taken into account. The method is proved to be general and can be used for the simulation and analysis of different types of electro-thermal Micro-CVD chip at different physical sizes over a wide range of operating temperatures. Thus the thermal design of a Micro-CVD chip for uniform temperature control, which is critical in synthesizing carbon nanotubes, becomes possible. An improved distribution of micro-tubes on the hot stage of the Micro-CVD chip is designed and simulated. The temperature reaches 1300K and the variation over the whole reactive region of the hot stage is within ± 7K.
{"title":"Multiphysics Modeling and Characterization of MicroCVD Chip for Growing Carbon Nanomaterials","authors":"L. Zheng, Yangbing Wu, Dan Zhang, Liwei Lin, Donghui Guo","doi":"10.1109/SERE-C.2014.48","DOIUrl":"https://doi.org/10.1109/SERE-C.2014.48","journal":{"name":"2014 IEEE Eighth International Conference on Software Security and Reliability-Companion"},"publicationDate":"2014-06-30"}
M. Graa, N. Cuppens-Boulahia, F. Cuppens, A. Cavalli
In Android systems, an attacker can obfuscate an application's code to leak sensitive information. TaintDroid is an information flow tracking system that protects private data in smartphones. However, TaintDroid cannot detect control flows. Thus, it can be circumvented by an obfuscated code attack based on control dependencies. In this paper, we present a collection of obfuscated code attacks on the TaintDroid system. We propose a technical solution based on a hybrid approach that combines static and dynamic analysis. We formally specify our solution based on two propagation rules. Finally, we evaluate our approach and show that we can avoid the obfuscated code attacks based on control dependencies by using these propagation rules.
{"title":"Protection against Code Obfuscation Attacks Based on Control Dependencies in Android Systems","authors":"M. Graa, N. Cuppens-Boulahia, F. Cuppens, A. Cavalli","doi":"10.1109/SERE-C.2014.33","DOIUrl":"https://doi.org/10.1109/SERE-C.2014.33","journal":{"name":"2014 IEEE Eighth International Conference on Software Security and Reliability-Companion"},"publicationDate":"2014-06-30"}
Mobile devices such as smart phones and tablet PCs are becoming common personal devices. The business model of a central software market is also thriving and turning into a major distribution source of software packages on those devices. However, these devices often contain personal private information and can be used to conduct operations involving data leakage and payment events like sending SMS. As a result, the quality of software on mobile devices becomes a critical issue. We aim at checking whether off-the-shelf software contains defective behavior or potential vulnerabilities, and at aiding the official APP or third-party markets in ensuring their software is free of privacy issues. We have built a platform for Android APP testing by revising our software quality assurance and exploit generation platform, called CRAX, to apply to the Android platform. It is called CRAXDroid and allows any input to be a testing source for the APP without source code. These approaches are based on the symbolic execution technique and the Android emulator. By automatically exploring execution paths, we can find potential software defects. We perform several experiments on Android applications to prove the feasibility of our method.
{"title":"CRAXDroid: Automatic Android System Testing by Selective Symbolic Execution","authors":"Chao-Chun Yeh, Han-Lin Lu, Chun-Yen Chen, Kee Kiat Khor, Shih-Kun Huang","doi":"10.1109/SERE-C.2014.32","DOIUrl":"https://doi.org/10.1109/SERE-C.2014.32","journal":{"name":"2014 IEEE Eighth International Conference on Software Security and Reliability-Companion"},"publicationDate":"2014-06-30"}