Resource discovery in unstructured peer-to-peer networks causes a search query to be flooded throughout the network via random nodes, leading to security and privacy issues. The owner of the search query does not have control over the transmission of its query through the network. Although algorithms have been proposed for policy-compliant query or data routing in a network, these algorithms mainly deal with authentic route computation and do not provide mechanisms to actually verify the network paths taken by the query. In this work, we propose an approach to deal with the problem of verifying network paths taken by a search query during resource discovery, and detection of malicious forwarding of search query. Our approach aims at being secure and yet very scalable, even in the presence of huge number of nodes in the network.
{"title":"Efficient Network Path Verification for Policy-routedQueries","authors":"Sushama Karumanchi, Jingwei Li, A. Squicciarini","doi":"10.1145/2857705.2857715","DOIUrl":"https://doi.org/10.1145/2857705.2857715","url":null,"abstract":"Resource discovery in unstructured peer-to-peer networks causes a search query to be flooded throughout the network via random nodes, leading to security and privacy issues. The owner of the search query does not have control over the transmission of its query through the network. Although algorithms have been proposed for policy-compliant query or data routing in a network, these algorithms mainly deal with authentic route computation and do not provide mechanisms to actually verify the network paths taken by the query. In this work, we propose an approach to deal with the problem of verifying network paths taken by a search query during resource discovery, and detection of malicious forwarding of search query. Our approach aims at being secure and yet very scalable, even in the presence of huge number of nodes in the network.","PeriodicalId":377412,"journal":{"name":"Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy","volume":"30 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-03-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134067534","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Logic vulnerabilities are an important class of programming flaws in web applications. These vulnerabilities occur when a desired property pertaining to an application's logic does not hold along certain paths in the application's code. Many analysis tools have been developed to find logic vulnerabilities in web applications. Given a web application with logic vulnerabilities, the question is whether one can design methods to patch application code and prevent these vulnerabilities from being exploited. We answer this question by developing an approach and tool called LogicPatcher for patching of logic vulnerabilities. We focus on correct patch placement, i.e. identifying the precise location in code where the patch code can be introduced, based on path profiling. As we show in this paper, finding the appropriate location as well as generating the right patch can get complicated and require deep code analysis. We demonstrate the utility of LogicPatcher by automatically fixing several critical parameter tampering and authorization vulnerabilities in large web applications.
{"title":"Patching Logic Vulnerabilities for Web Applications using LogicPatcher","authors":"M. Monshizadeh, P. Naldurg, V. Venkatakrishnan","doi":"10.1145/2857705.2857727","DOIUrl":"https://doi.org/10.1145/2857705.2857727","url":null,"abstract":"Logic vulnerabilities are an important class of programming flaws in web applications. These vulnerabilities occur when a desired property pertaining to an application's logic does not hold along certain paths in the application's code. Many analysis tools have been developed to find logic vulnerabilities in web applications. Given a web application with logic vulnerabilities, the question is whether one can design methods to patch application code and prevent these vulnerabilities from being exploited. We answer this question by developing an approach and tool called LogicPatcher for patching of logic vulnerabilities. We focus on correct patch placement, i.e. identifying the precise location in code where the patch code can be introduced, based on path profiling. As we show in this paper, finding the appropriate location as well as generating the right patch can get complicated and require deep code analysis. We demonstrate the utility of LogicPatcher by automatically fixing several critical parameter tampering and authorization vulnerabilities in large web applications.","PeriodicalId":377412,"journal":{"name":"Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-03-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133704363","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Code randomization is an effective defense against code reuse attacks. It scrambles program code to prevent attackers from locating useful functions or gadgets. The key to secure code randomization is achieving high entropy. A practical approach to boost entropy is on-demand live randomization that works on running processes. However, enabling live randomization is challenging in that it often requires manual efforts to solve ambiguity in identifying function pointers. In this paper, we propose Remix, an efficient and practical live randomization system for both user processes and kernel modules. Remix randomly shuffles basic blocks within their respective functions. By doing so, it avoids the complexity of migrating stale function pointers, and allows mixing randomized and non-randomized code to strike a balance between performance and security. Remix randomizes a running process in two steps: it first randomly reorders its basic blocks, and then comprehensively migrates live pointers to basic blocks. Our experiments show that Remix can significantly increase randomness with low performance overhead on both CPU and I/O intensive benchmarks and kernel modules, even at very short randomization intervals.
{"title":"Remix: On-demand Live Randomization","authors":"Yueh-Ting Chen, Zhi Wang, D. Whalley, Long Lu","doi":"10.1145/2857705.2857726","DOIUrl":"https://doi.org/10.1145/2857705.2857726","url":null,"abstract":"Code randomization is an effective defense against code reuse attacks. It scrambles program code to prevent attackers from locating useful functions or gadgets. The key to secure code randomization is achieving high entropy. A practical approach to boost entropy is on-demand live randomization that works on running processes. However, enabling live randomization is challenging in that it often requires manual efforts to solve ambiguity in identifying function pointers. In this paper, we propose Remix, an efficient and practical live randomization system for both user processes and kernel modules. Remix randomly shuffles basic blocks within their respective functions. By doing so, it avoids the complexity of migrating stale function pointers, and allows mixing randomized and non-randomized code to strike a balance between performance and security. Remix randomizes a running process in two steps: it first randomly reorders its basic blocks, and then comprehensively migrates live pointers to basic blocks. Our experiments show that Remix can significantly increase randomness with low performance overhead on both CPU and I/O intensive benchmarks and kernel modules, even at very short randomization intervals.","PeriodicalId":377412,"journal":{"name":"Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy","volume":"15 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-03-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132735738","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
System primitives allow formalisms, reasoning, simulations, and reliability and security risk-tradeoffs to be formulated and argued. In this work, six core primitives belonging to most distributed systems are presented. These primitives apply well to systems with large amounts of data, scalability concerns, heterogeneity concerns, temporal concerns, and elements of unknown pedigree with possible nefarious intent. These primitives form the basic building blocks for a Network of 'Things' (NoT), including the Internet of Things (IoT). This keynote offers an underlying and foundational science to IoT. To my knowledge, the ideas and the manner in which the science underlying IoT is presented here is unique. Further, this talk reflects my personal viewpoints and not those of NIST.
{"title":"Decoding the Mystery of the Internet of Things","authors":"J. Voas","doi":"10.1145/2857705.2857729","DOIUrl":"https://doi.org/10.1145/2857705.2857729","url":null,"abstract":"System primitives allow formalisms, reasoning, simulations, and reliability and security risk-tradeoffs to be formulated and argued. In this work, six core primitives belonging to most distributed systems are presented. These primitives apply well to systems with large amounts of data, scalability concerns, heterogeneity concerns, temporal concerns, and elements of unknown pedigree with possible nefarious intent. These primitives form the basic building blocks for a Network of 'Things' (NoT), including the Internet of Things (IoT). This keynote offers an underlying and foundational science to IoT. To my knowledge, the ideas and the manner in which the science underlying IoT is presented here is unique. Further, this talk reflects my personal viewpoints and not those of NIST.","PeriodicalId":377412,"journal":{"name":"Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-03-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115735044","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Private Browsing Mode has become a popular feature in modern browsers. However, despite its prevalence, a similar privacy enhancing technology has not been replicated in other user applications. PrivExec is an operating system service that provides an application-agnostic, system-wide private execution mode. We present TpriVexeC, a novel approach to system-level privacy support that affords faster application execution over PrivExec. TpriVexeC uses memory as its principal backing store but falls back to system swap on high memory pressure. Upon swapping, it encrypts and decrypts private application data as it transits into and out of disk. By doing away with much of persistent disk as primary storage, TpriVexeC provides stronger privacy guarantees and faster application runtime. As shown by our evaluation, TpriVexeC application performance is indistinguishable from a vanilla system and compared to PrivExec, it is up to 30 times faster in writes and 38 times faster in reads for I/O bound tasks.
{"title":"TPRIVEXEC: Private Execution in Virtual Memory","authors":"J. B. Djoko, B. Jennings, Adam J. Lee","doi":"10.1145/2857705.2857724","DOIUrl":"https://doi.org/10.1145/2857705.2857724","url":null,"abstract":"Private Browsing Mode has become a popular feature in modern browsers. However, despite its prevalence, a similar privacy enhancing technology has not been replicated in other user applications. PrivExec is an operating system service that provides an application-agnostic, system-wide private execution mode. We present TpriVexeC, a novel approach to system-level privacy support that affords faster application execution over PrivExec. TpriVexeC uses memory as its principal backing store but falls back to system swap on high memory pressure. Upon swapping, it encrypts and decrypts private application data as it transits into and out of disk. By doing away with much of persistent disk as primary storage, TpriVexeC provides stronger privacy guarantees and faster application runtime. As shown by our evaluation, TpriVexeC application performance is indistinguishable from a vanilla system and compared to PrivExec, it is up to 30 times faster in writes and 38 times faster in reads for I/O bound tasks.","PeriodicalId":377412,"journal":{"name":"Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy","volume":"34 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-03-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124200176","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Many mobile services consist of two components: a server providing an API, and an application running on smartphones and communicating with the API. An unresolved problem in this design is that it is difficult for the server to authenticate which app is accessing the API. This causes many security problems. For example, the provider of a private network API has to embed secrets in its official app to ensure that only this app can access the API; however, attackers can uncover the secret by reverse-engineering. As another example, malicious apps may send automatic requests to ad servers to commit ad fraud. In this work, we propose a system that allows network API to authenticate the mobile app that sends each request so that the API can make an informed access control decision. Our system, the Mobile Trusted-Origin Policy, consists of two parts: 1) an app provenance mechanism that annotates outgoing HTTP(S) requests with information about which app generated the network traffic, and 2) a code isolation mechanism that separates code within an app that should have different app provenance signatures into mobile origin. As motivation for our work, we present two previously-unknown families of apps that perform click fraud, and examine how the lack of mobile origin information enables the attacks. Based on our observations, we propose Trusted Cross-Origin Requests to handle point (1), which automatically includes mobile origin information in outgoing HTTP requests. Servers may then decide, based on the mobile origin data, whether to process the request or not. We implement a prototype of our system for Android and evaluate its performance, security, and deployability. We find that our system can achieve our security and utility goals with negligible overhead.
{"title":"On the Origin of Mobile Apps: Network Provenance for Android Applications","authors":"Ryan Stevens, J. Crussell, Hao Chen","doi":"10.1145/2857705.2857712","DOIUrl":"https://doi.org/10.1145/2857705.2857712","url":null,"abstract":"Many mobile services consist of two components: a server providing an API, and an application running on smartphones and communicating with the API. An unresolved problem in this design is that it is difficult for the server to authenticate which app is accessing the API. This causes many security problems. For example, the provider of a private network API has to embed secrets in its official app to ensure that only this app can access the API; however, attackers can uncover the secret by reverse-engineering. As another example, malicious apps may send automatic requests to ad servers to commit ad fraud. In this work, we propose a system that allows network API to authenticate the mobile app that sends each request so that the API can make an informed access control decision. Our system, the Mobile Trusted-Origin Policy, consists of two parts: 1) an app provenance mechanism that annotates outgoing HTTP(S) requests with information about which app generated the network traffic, and 2) a code isolation mechanism that separates code within an app that should have different app provenance signatures into mobile origin. As motivation for our work, we present two previously-unknown families of apps that perform click fraud, and examine how the lack of mobile origin information enables the attacks. Based on our observations, we propose Trusted Cross-Origin Requests to handle point (1), which automatically includes mobile origin information in outgoing HTTP requests. Servers may then decide, based on the mobile origin data, whether to process the request or not. We implement a prototype of our system for Android and evaluate its performance, security, and deployability. We find that our system can achieve our security and utility goals with negligible overhead.","PeriodicalId":377412,"journal":{"name":"Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy","volume":"100 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-03-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133231793","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Workflows and role-based access control models need to be suitably merged, in order to allow users to perform processes in a correct way, according to the given data access policies and the temporal constraints. Given a mapping between workflow models and simple temporal networks with uncertainty, we discuss a mapping between role temporalities and simple temporal networks, and how to connect the two resulting networks to make explicit who can do what, when. If the connected network is still executable, we show how to compute the set of authorized users for each task. Finally, we define security constraints (to prevent users from doing unauthorized actions) and security constraint propagation rules (to propagate security constraints at runtime). We also provide an algorithm to check whether a set of propagation rules is safe, and we extend an existing execution algorithm to take into account these new security aspects.
{"title":"Security Constraints in Temporal Role-Based Access-Controlled Workflows","authors":"Combi Carlo, L. Viganò, Matteo Zavatteri","doi":"10.1145/2857705.2857716","DOIUrl":"https://doi.org/10.1145/2857705.2857716","url":null,"abstract":"Workflows and role-based access control models need to be suitably merged, in order to allow users to perform processes in a correct way, according to the given data access policies and the temporal constraints. Given a mapping between workflow models and simple temporal networks with uncertainty, we discuss a mapping between role temporalities and simple temporal networks, and how to connect the two resulting networks to make explicit who can do what, when. If the connected network is still executable, we show how to compute the set of authorized users for each task. Finally, we define security constraints (to prevent users from doing unauthorized actions) and security constraint propagation rules (to propagate security constraints at runtime). We also provide an algorithm to check whether a set of propagation rules is safe, and we extend an existing execution algorithm to take into account these new security aspects.","PeriodicalId":377412,"journal":{"name":"Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy","volume":"15 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-12-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121242774","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Mansour Ahmadi, G. Giacinto, Dmitry Ulyanov, Stanislav Semenov, Mikhail Trofimov
Modern malware is designed with mutation characteristics, namely polymorphism and metamorphism, which causes an enormous growth in the number of variants of malware samples. Categorization of malware samples on the basis of their behaviors is essential for the computer security community, because they receive huge number of malware everyday, and the signature extraction process is usually based on malicious parts characterizing malware families. Microsoft released a malware classification challenge in 2015 with a huge dataset of near 0.5 terabytes of data, containing more than 20K malware samples. The analysis of this dataset inspired the development of a novel paradigm that is effective in categorizing malware variants into their actual family groups. This paradigm is presented and discussed in the present paper, where emphasis has been given to the phases related to the extraction, and selection of a set of novel features for the effective representation of malware samples. Features can be grouped according to different characteristics of malware behavior, and their fusion is performed according to a per-class weighting paradigm. The proposed method achieved a very high accuracy ($approx$ 0.998) on the Microsoft Malware Challenge dataset.
{"title":"Novel Feature Extraction, Selection and Fusion for Effective Malware Family Classification","authors":"Mansour Ahmadi, G. Giacinto, Dmitry Ulyanov, Stanislav Semenov, Mikhail Trofimov","doi":"10.1145/2857705.2857713","DOIUrl":"https://doi.org/10.1145/2857705.2857713","url":null,"abstract":"Modern malware is designed with mutation characteristics, namely polymorphism and metamorphism, which causes an enormous growth in the number of variants of malware samples. Categorization of malware samples on the basis of their behaviors is essential for the computer security community, because they receive huge number of malware everyday, and the signature extraction process is usually based on malicious parts characterizing malware families. Microsoft released a malware classification challenge in 2015 with a huge dataset of near 0.5 terabytes of data, containing more than 20K malware samples. The analysis of this dataset inspired the development of a novel paradigm that is effective in categorizing malware variants into their actual family groups. This paradigm is presented and discussed in the present paper, where emphasis has been given to the phases related to the extraction, and selection of a set of novel features for the effective representation of malware samples. Features can be grouped according to different characteristics of malware behavior, and their fusion is performed according to a per-class weighting paradigm. The proposed method achieved a very high accuracy ($approx$ 0.998) on the Microsoft Malware Challenge dataset.","PeriodicalId":377412,"journal":{"name":"Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114288981","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
D. Su, Jianneng Cao, Ninghui Li, E. Bertino, Hongxia Jin
There are two broad approaches for differentially private data analysis. The interactive approach aims at developing customized differentially private algorithms for various data mining tasks. The non-interactive approach aims at developing differentially private algorithms that can output a synopsis of the input dataset, which can then be used to support various data mining tasks. In this paper we study the effectiveness of the two approaches on differentially private k-means clustering. We develop techniques to analyze the empirical error behaviors of the existing interactive and non-interactive approaches. Based on the analysis, we propose an improvement of DPLloyd which is a differentially private version of the Lloyd algorithm. We also propose a non-interactive approach EUGkM which publishes a differentially private synopsis for k-means clustering. Results from extensive and systematic experiments support our analysis and demonstrate the effectiveness of our improvement on DPLloyd and the proposed EUGkM algorithm.
{"title":"Differentially Private K-Means Clustering","authors":"D. Su, Jianneng Cao, Ninghui Li, E. Bertino, Hongxia Jin","doi":"10.1145/2857705.2857708","DOIUrl":"https://doi.org/10.1145/2857705.2857708","url":null,"abstract":"There are two broad approaches for differentially private data analysis. The interactive approach aims at developing customized differentially private algorithms for various data mining tasks. The non-interactive approach aims at developing differentially private algorithms that can output a synopsis of the input dataset, which can then be used to support various data mining tasks. In this paper we study the effectiveness of the two approaches on differentially private k-means clustering. We develop techniques to analyze the empirical error behaviors of the existing interactive and non-interactive approaches. Based on the analysis, we propose an improvement of DPLloyd which is a differentially private version of the Lloyd algorithm. We also propose a non-interactive approach EUGkM which publishes a differentially private synopsis for k-means clustering. Results from extensive and systematic experiments support our analysis and demonstrate the effectiveness of our improvement on DPLloyd and the proposed EUGkM algorithm.","PeriodicalId":377412,"journal":{"name":"Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy","volume":"48 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-04-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115848949","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy","authors":"","doi":"10.1145/2857705","DOIUrl":"https://doi.org/10.1145/2857705","url":null,"abstract":"","PeriodicalId":377412,"journal":{"name":"Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy","volume":"14 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116655284","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: