2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN): Latest Papers

Entropy-Based Security Analytics: Measurements from a Critical Information System
M. Cinque, Raffaele Della Corte, A. Pecchia
Critical information systems strongly rely on event logging techniques to collect data, such as housekeeping/error events, execution traces and dumps of variables, into unstructured text logs. Event logs are the primary source to gain actionable intelligence from production systems. In spite of the recognized importance, system/application logs remain quite underutilized in security analytics when compared to conventional and structured data sources, such as audit traces, network flows and intrusion detection logs. This paper proposes a method to measure the occurrence of interesting activity (i.e., entries that should be followed up by analysts) within textual and heterogeneous runtime log streams. We use an entropy-based approach, which makes no assumptions on the structure of underlying log entries. Measurements have been done in a real-world Air Traffic Control information system through a data analytics framework. Experiments suggest that our entropy-based method represents a valuable complement to security analytics solutions.
DOI: 10.1109/DSN.2017.39 (https://doi.org/10.1109/DSN.2017.39). Publication date: 2017-06-01.
Citations: 16
JGRE: An Analysis of JNI Global Reference Exhaustion Vulnerabilities in Android
Yacong Gu, Kun Sun, Purui Su, Qi Li, Yemian Lu, Lingyun Ying, D. Feng
Android system applies a permission-based security model to restrict unauthorized apps from accessing system services, however, this security model cannot constrain authorized apps from sending excessive service requests to exhaust the limited system resource allocated for each system service. As references from native code to a Java object, JNI Global References (JGR) are prone to memory leaks, since they are not automatically garbage collected. Moreover, JGR exhaustion may lead to process abort or even Android system reboot when the victim process could not afford the JGR requests triggered by malicious apps through inter-process communication. In this paper, we perform a systematic study on JGR exhaustion (JGRE) attacks against all system services in Android. Our experimental results show that among the 104 system services in Android 6.0.1, 32 system services have 54 vulnerabilities. Particularly, 22 system services can be successfully attacked without any permission support. After reporting those vulnerabilities to Android security team and getting confirmed, we study the existing ad hoc countermeasures in Android against JGRE attacks. Surprisingly, among the 10 system services that have been protected, 8 system services are still vulnerable to JGRE attacks. Finally, we develop an effective defense mechanism to defeat all identified JGRE attacks by adopting Android's low memory killer (LMK) mechanism.
DOI: 10.1109/DSN.2017.40 (https://doi.org/10.1109/DSN.2017.40). Publication date: 2017-06-01.
Citations: 7
Speeding up Consensus by Chasing Fast Decisions
Balaji Arun, Sebastiano Peluso, R. Palmieri, Giuliano Losa, B. Ravindran
This paper proposes CAESAR, a novel multi-leader Generalized Consensus protocol for geographically replicated sites. The main goal of CAESAR is to overcome one of the major limitations of existing approaches, which is the significant performance degradation when application workload produces conflicting requests. CAESAR does that by changing the way a fast decision is taken: its ordering protocol does not reject a fast decision for a client request if a quorum of nodes reply with different dependency sets for that request. The effectiveness of CAESAR is demonstrated through an evaluation study performed on Amazon's EC2 infrastructure using 5 geo-replicated sites. CAESAR outperforms other multi-leader (e.g., EPaxos) competitors by as much as 1.7x in the presence of 30% conflicting requests, and single-leader (e.g., Multi-Paxos) by up to 3.5x.
DOI: 10.1109/DSN.2017.35 (https://doi.org/10.1109/DSN.2017.35). Publication date: 2017-04-11.
Citations: 38
Fex: A Software Systems Evaluator
O. Oleksenko, Dmitrii Kuvaiskii, Pramod Bhatotia, C. Fetzer
Software systems research relies on experimental evaluation to assess the effectiveness of newly developed solutions. However, the existing evaluation frameworks are rigid (do not allow creation of new experiments), often simplistic (may not reveal issues that appear in real-world applications), and can be inconsistent (do not guarantee reproducibility of experiments across platforms). This paper presents Fex, a software systems evaluation framework that addresses these limitations. Fex is extensible (can be easily extended with custom experiment types), practical (supports composition of different benchmark suites and real-world applications), and reproducible (it is built on container technology to guarantee the same software stack across platforms). We show that Fex achieves these design goals with minimal end-user effort - for instance, adding Nginx web-server to evaluation requires only 160 LoC. Going forward, we discuss the architecture of the framework, explain its interface, show common usage scenarios, and evaluate the efforts for writing various custom extensions.
DOI: 10.1109/DSN.2017.25 (https://doi.org/10.1109/DSN.2017.25). Publication date: 2017-03-05.
Citations: 12
Rollback and Forking Detection for Trusted Execution Environments Using Lightweight Collective Memory
Marcus Brandenburger, C. Cachin, Matthias Lorenz, R. Kapitza
Novel hardware-aided trusted execution environments, as provided by Intel's Software Guard Extensions (SGX), enable to execute applications in a secure context that enforces confidentiality and integrity of the application state even when the host system is misbehaving. While this paves the way towards secure and trustworthy cloud computing, essential system support to protect persistent application state against rollback and forking attacks is missing. In this paper we present LCM – a lightweight protocol to establish a collective memory amongst all clients of a remote application to detect integrity and consistency violations. LCM enables the detection of rollback attacks against the remote application, enforces the consistency notion of fork-linearizability and notifies clients about operation stability. The protocol exploits the trusted execution environment, complements it with simple client-side operations, and maintains only small, constant storage at the clients. This simplifies the solution compared to previous approaches, where the clients had to verify all operations initiated by other clients. We have implemented LCM and demonstrated its advantages with a key-value store application. The evaluation shows that it introduces low network and computation overhead, in particular, a LCM-protected key-value store achieves 0.72x – 0.98x of an SGX-secured key-value store throughput.
DOI: 10.1109/DSN.2017.45 (https://doi.org/10.1109/DSN.2017.45). Publication date: 2017-01-04.
Citations: 58