As an important part of malware detection and classification, sequence-based analysis can be integrated into dynamic detection system for real-time detection. This work presents a novel learning method for malware detection models that leverages advances in graph embedding for fusing the n-gram data into a one-hot feature space with different transmission directions. By capturing the information flow, our method finds a better feature representation for detection tasks with rely solely on sequence information. To enhance the stability of feature representation, this work adopts a multi-task learning strategy which achieves better performance in independent testing. We evaluate our method on two different realworld datasets and compare it against four superior malware detection models. During malware detection using our method, we conducted in-depth discussions on feature length, graph embedding direction, model depth, and different multi-task learning strategies. Experimental and discussion results show that our method significantly outperforms alternative approaches across evaluation settings.
{"title":"Sequence-based malware detection using a single-bidirectional graph embedding and multi-task learning framework","authors":"Jiale Luo, Zhewngyu Zhang, Jiesi Luo, Pin Yang, Runyu Jing","doi":"10.3233/jcs-230041","DOIUrl":"https://doi.org/10.3233/jcs-230041","url":null,"abstract":"As an important part of malware detection and classification, sequence-based analysis can be integrated into dynamic detection system for real-time detection. This work presents a novel learning method for malware detection models that leverages advances in graph embedding for fusing the n-gram data into a one-hot feature space with different transmission directions. By capturing the information flow, our method finds a better feature representation for detection tasks with rely solely on sequence information. To enhance the stability of feature representation, this work adopts a multi-task learning strategy which achieves better performance in independent testing. We evaluate our method on two different realworld datasets and compare it against four superior malware detection models. During malware detection using our method, we conducted in-depth discussions on feature length, graph embedding direction, model depth, and different multi-task learning strategies. Experimental and discussion results show that our method significantly outperforms alternative approaches across evaluation settings.","PeriodicalId":46074,"journal":{"name":"Journal of Computer Security","volume":"18 1","pages":""},"PeriodicalIF":1.2,"publicationDate":"2023-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"138621042","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
We present an approach to the proactive enforcement of provisions and obligations, suitable for building policy enforcement mechanisms that both prevent and cause system actions. Our approach encompasses abstract requirements for proactive policy enforcement, a system model describing how enforcement mechanisms interact with and control target systems, and concrete policy languages and associated enforcement mechanisms. As examples of policy languages, we consider finite automata and timed dynamic condition response (DCR) graphs. We use finite automata to illustrate the basic principles and DCR graphs to show how these principles can be adapted to a practical, real-time policy language. In both cases, we show how to algorithmically determine whether a given policy is enforceable and, when this is the case, construct an associated enforcement mechanism. Our approach improves upon existing formalisms in two ways: (1) we exploit the target system’s existing functionality to avert policy violations proactively, rather than compensate for them reactively; and (2) rather than requiring the manual specification of remedial actions in the policy, we deduce required actions directly from the policy.
{"title":"Proactive enforcement of provisions and obligations","authors":"David Basin, S. Debois, Thomas Hildebrandt","doi":"10.3233/jcs-210078","DOIUrl":"https://doi.org/10.3233/jcs-210078","url":null,"abstract":"We present an approach to the proactive enforcement of provisions and obligations, suitable for building policy enforcement mechanisms that both prevent and cause system actions. Our approach encompasses abstract requirements for proactive policy enforcement, a system model describing how enforcement mechanisms interact with and control target systems, and concrete policy languages and associated enforcement mechanisms. As examples of policy languages, we consider finite automata and timed dynamic condition response (DCR) graphs. We use finite automata to illustrate the basic principles and DCR graphs to show how these principles can be adapted to a practical, real-time policy language. In both cases, we show how to algorithmically determine whether a given policy is enforceable and, when this is the case, construct an associated enforcement mechanism. Our approach improves upon existing formalisms in two ways: (1) we exploit the target system’s existing functionality to avert policy violations proactively, rather than compensate for them reactively; and (2) rather than requiring the manual specification of remedial actions in the policy, we deduce required actions directly from the policy.","PeriodicalId":46074,"journal":{"name":"Journal of Computer Security","volume":"119 1","pages":""},"PeriodicalIF":1.2,"publicationDate":"2023-11-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139224523","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Yupeng Hu, Wenxin Kuang, Jin Zhe, Wenjia Li, Keqin Li, Jiliang Zhang, Qiao Hu
This paper presents the design and implementation of a systematic Inter-Component Communications (ICCs) dynamic Analysis Technique (SIAT) for detecting privacy-sensitive data leak threats. SIAT’s specific approach involves the identification of malicious ICC patterns by actively tracing both data flows and implicit control flows within ICC processes during runtime. This is achieved by utilizing the taint tagging methodology, a technique utilized by TaintDroid. As a result, it can discover the malicious intent usage pattern and further resolve the coincidental malicious ICCs and bypass cases without incurring performance degradation. SIAT comprises two key modules: Monitor and Analyzer. The Monitor makes the first attempt to revise the taint tag approach named TaintDroid by developing the built-in intent service primitives to help Android capture the intent-related taint propagation at multi-level for malicious ICC detection. Specifically, we enable the Monitor to perform systemwide tracking of intent with five abstraction functionalities embedded in the interactive workflow of components. By analyzing the taint logs offered by the Monitor, the Analyzer can build the accurate and integrated ICC patterns adopted to identify the specific leak threat patterns with the identification algorithms and predefined rules. Meanwhile, we employ the patterns’ deflation technique to improve the efficiency of the Analyzer. We implement the SIAT with Android Open Source Project and evaluate its performance through extensive experiments on a particular dataset consisting of well-known datasets and real-world apps. The experimental results show that, compared to state-of-the-art approaches, the SIAT can achieve about 25% ∼200% accuracy improvements with 1.0 precision and 0.98 recall at negligible runtime overhead. Apart from that, the SIAT can identify two undisclosed cases of bypassing that prior technologies cannot detect and quite a few malicious ICC threats in real-world apps with lots of downloads on the Google Play market.
{"title":"SIAT: A systematic inter-component communication real-time analysis technique for detecting data leak threats on Android","authors":"Yupeng Hu, Wenxin Kuang, Jin Zhe, Wenjia Li, Keqin Li, Jiliang Zhang, Qiao Hu","doi":"10.3233/jcs-220044","DOIUrl":"https://doi.org/10.3233/jcs-220044","url":null,"abstract":"This paper presents the design and implementation of a systematic Inter-Component Communications (ICCs) dynamic Analysis Technique (SIAT) for detecting privacy-sensitive data leak threats. SIAT’s specific approach involves the identification of malicious ICC patterns by actively tracing both data flows and implicit control flows within ICC processes during runtime. This is achieved by utilizing the taint tagging methodology, a technique utilized by TaintDroid. As a result, it can discover the malicious intent usage pattern and further resolve the coincidental malicious ICCs and bypass cases without incurring performance degradation. SIAT comprises two key modules: Monitor and Analyzer. The Monitor makes the first attempt to revise the taint tag approach named TaintDroid by developing the built-in intent service primitives to help Android capture the intent-related taint propagation at multi-level for malicious ICC detection. Specifically, we enable the Monitor to perform systemwide tracking of intent with five abstraction functionalities embedded in the interactive workflow of components. By analyzing the taint logs offered by the Monitor, the Analyzer can build the accurate and integrated ICC patterns adopted to identify the specific leak threat patterns with the identification algorithms and predefined rules. Meanwhile, we employ the patterns’ deflation technique to improve the efficiency of the Analyzer. We implement the SIAT with Android Open Source Project and evaluate its performance through extensive experiments on a particular dataset consisting of well-known datasets and real-world apps. The experimental results show that, compared to state-of-the-art approaches, the SIAT can achieve about 25% ∼200% accuracy improvements with 1.0 precision and 0.98 recall at negligible runtime overhead. Apart from that, the SIAT can identify two undisclosed cases of bypassing that prior technologies cannot detect and quite a few malicious ICC threats in real-world apps with lots of downloads on the Google Play market.","PeriodicalId":46074,"journal":{"name":"Journal of Computer Security","volume":"54 1","pages":""},"PeriodicalIF":1.2,"publicationDate":"2023-11-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139223246","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
By developing a Turing-complete non-control data attack to bypass existing defenses against control flow attacks, Data-Oriented Programming (DOP) has gained significant attention from researchers in recent years. While several defense techniques have been proposed to mitigate DOP attacks, they often introduce substantial overhead due to the blind protection of a large range of data objects. To address this issue, we focus on selecting and protecting the specific target data that are of interest to DOP attackers, rather than securing the entire non-control data in the program. In this regard, we perform static analysis on 20 real-world applications and identify the target data, verifying that they constitute only a small percentage of the overall program, averaging around 3%. Additionally, we propose a semi-automated tool to analyze how to chain operations on the target data in these 20 applications to achieve Turing-complete attacks. Furthermore, we introduce DSLR-: a low-overhead Data Structure Layout Randomization (DSLR) method, which modifies the existing DSLR technique to only randomize the selected target data for DOP. Experimental results demonstrate that DSLR- effectively mitigates DOP attacks, reducing performance overhead by 71.2% and memory overhead by 82.5% compared to the original DSLR technique.
{"title":"DSLR–: A low-overhead data structure layout randomization for defending data-oriented programming","authors":"Jin Wei, Ping Chen","doi":"10.3233/jcs-230053","DOIUrl":"https://doi.org/10.3233/jcs-230053","url":null,"abstract":"By developing a Turing-complete non-control data attack to bypass existing defenses against control flow attacks, Data-Oriented Programming (DOP) has gained significant attention from researchers in recent years. While several defense techniques have been proposed to mitigate DOP attacks, they often introduce substantial overhead due to the blind protection of a large range of data objects. To address this issue, we focus on selecting and protecting the specific target data that are of interest to DOP attackers, rather than securing the entire non-control data in the program. In this regard, we perform static analysis on 20 real-world applications and identify the target data, verifying that they constitute only a small percentage of the overall program, averaging around 3%. Additionally, we propose a semi-automated tool to analyze how to chain operations on the target data in these 20 applications to achieve Turing-complete attacks. Furthermore, we introduce DSLR-: a low-overhead Data Structure Layout Randomization (DSLR) method, which modifies the existing DSLR technique to only randomize the selected target data for DOP. Experimental results demonstrate that DSLR- effectively mitigates DOP attacks, reducing performance overhead by 71.2% and memory overhead by 82.5% compared to the original DSLR technique.","PeriodicalId":46074,"journal":{"name":"Journal of Computer Security","volume":"1 1","pages":""},"PeriodicalIF":1.2,"publicationDate":"2023-11-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139241761","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Traditionally, the mission of intercepting malicious traffic between the Internet and the internal network of entities like organizations and corporations, is largely fulfilled by techniques such as deep packet inspection (DPI). However, steganography, the methodology of hiding secret data in seemingly benign public mediums (e.g., images), has been leveraged by advanced persistent threat (APT) groups in recent years, and is almost impossible to be detected and intercepted by traditional techniques, posing a pervasive and realistic threat to cybersecurity. Additionally, internal networks’ vulnerability to steganography is further exacerbated by the connectivity and large attack surface of the Internet of Things (IoT), whose adoption and deployment are quickly expanding. To protect computer systems against malicious communications that apply steganographic methods potentially unknown to cybersecurity stakeholders, we propose StegEraser, an approach to removing the secret information embedded in public mediums by adversaries, that is fundamentally distinct from existing research which is primarily designed for known steganographic methods. Implemented for images, StegEraser injects an excessively huge amount of random binary data with a novel steganographic method into the images, by utilizing the information-merging capabilities of invertible neural networks (INNs), in order to “overload” adversaries’ steganographic hiding capacity of images transmitted through the firewall performing DPI. In the meantime, StegEraser preserves the perceptual quality of the images. In other words, StegEraser “defeats unknown steganography with steganography”. Extensive evaluation verifies that StegEraser significantly outperforms state-of-the-art (SOTA) methods in terms of removing secret information embedded with both traditional and neural network-based steganographic methods, while visually maintaining the image quality.
{"title":"StegEraser: Defending cybersecurity against malicious covert communications","authors":"Jianfeng Zhang, Wensheng Zhang, Jingdong Xu","doi":"10.3233/jcs-220094","DOIUrl":"https://doi.org/10.3233/jcs-220094","url":null,"abstract":"Traditionally, the mission of intercepting malicious traffic between the Internet and the internal network of entities like organizations and corporations, is largely fulfilled by techniques such as deep packet inspection (DPI). However, steganography, the methodology of hiding secret data in seemingly benign public mediums (e.g., images), has been leveraged by advanced persistent threat (APT) groups in recent years, and is almost impossible to be detected and intercepted by traditional techniques, posing a pervasive and realistic threat to cybersecurity. Additionally, internal networks’ vulnerability to steganography is further exacerbated by the connectivity and large attack surface of the Internet of Things (IoT), whose adoption and deployment are quickly expanding. To protect computer systems against malicious communications that apply steganographic methods potentially unknown to cybersecurity stakeholders, we propose StegEraser, an approach to removing the secret information embedded in public mediums by adversaries, that is fundamentally distinct from existing research which is primarily designed for known steganographic methods. Implemented for images, StegEraser injects an excessively huge amount of random binary data with a novel steganographic method into the images, by utilizing the information-merging capabilities of invertible neural networks (INNs), in order to “overload” adversaries’ steganographic hiding capacity of images transmitted through the firewall performing DPI. In the meantime, StegEraser preserves the perceptual quality of the images. In other words, StegEraser “defeats unknown steganography with steganography”. Extensive evaluation verifies that StegEraser significantly outperforms state-of-the-art (SOTA) methods in terms of removing secret information embedded with both traditional and neural network-based steganographic methods, while visually maintaining the image quality.","PeriodicalId":46074,"journal":{"name":"Journal of Computer Security","volume":"37 11","pages":""},"PeriodicalIF":1.2,"publicationDate":"2023-11-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139263304","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Qingtian Zou, Lan Zhang, A. Singhal, Xiaoyan Sun, Peng Liu
While network attacks play a critical role in many advanced persistent threat (APT) campaigns, an arms race exists between the network defenders and the adversary: to make APT campaigns stealthy, the adversary is strongly motivated to evade the detection system. However, new studies have shown that neural network is likely a game-changer in the arms race: neural network could be applied to achieve accurate, signature-free, and low-false-alarm-rate detection. In this work, we investigate whether the adversary could fight back during the next phase of the arms race. In particular, noticing that none of the existing adversarial example generation methods could generate malicious packets (and sessions) that can simultaneously compromise the target machine and evade the neural network detection model, we propose a novel attack method to achieve this goal. We have designed and implemented the new attack. We have also used Address Resolution Protocol (ARP) Poisoning and Domain Name System (DNS) Cache Poisoning as the case study to demonstrate the effectiveness of the proposed attack.
{"title":"Analysis of neural network detectors for network attacks","authors":"Qingtian Zou, Lan Zhang, A. Singhal, Xiaoyan Sun, Peng Liu","doi":"10.3233/jcs-230031","DOIUrl":"https://doi.org/10.3233/jcs-230031","url":null,"abstract":"While network attacks play a critical role in many advanced persistent threat (APT) campaigns, an arms race exists between the network defenders and the adversary: to make APT campaigns stealthy, the adversary is strongly motivated to evade the detection system. However, new studies have shown that neural network is likely a game-changer in the arms race: neural network could be applied to achieve accurate, signature-free, and low-false-alarm-rate detection. In this work, we investigate whether the adversary could fight back during the next phase of the arms race. In particular, noticing that none of the existing adversarial example generation methods could generate malicious packets (and sessions) that can simultaneously compromise the target machine and evade the neural network detection model, we propose a novel attack method to achieve this goal. We have designed and implemented the new attack. We have also used Address Resolution Protocol (ARP) Poisoning and Domain Name System (DNS) Cache Poisoning as the case study to demonstrate the effectiveness of the proposed attack.","PeriodicalId":46074,"journal":{"name":"Journal of Computer Security","volume":"42 3","pages":""},"PeriodicalIF":1.2,"publicationDate":"2023-11-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139273299","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Haopeng Fan, Wenhao Wang, Yongjuan Wang, Xiangbin Wang, Yang Gao
Cache attacks pose a serious security threat to cryptographic implementations in processor architectures. In this paper, we first propose cache attacks against Blowfish, which can break the protection of key-dependent S-box. This attack targets at the subkey calculation of Blowfish, and fully exploits features of the subkey calculation to construct a leakage equation group about the key. Without any knowledge of plaintext and ciphertext, the attacker only needs to obtain the cache leakage once to recover a variable-length key in minute-level time. More than that, we establish a leakage model for cache attack situations to evaluate the exhausting space of the intermediate value of block ciphers, and estimate the time complexity of cache attacks. In our experiments, we perform Flush + Reload and Prime + Probe attacks and recover the random key of Blowfish in OpenSSL 1.1.1h in 4 minutes. Furthermore, we have applied our attacks to existing systems, such as JavaScript-blowfish and Bcrypt. Our attack on JavaScript-blowfish can recover any plaintext input by the user. As for Bcrypt, our attack can recover the hash values stored in the database, thereby allowing attackers to impersonate the user’s identity.
{"title":"Cache attacks on subkey calculation of Blowfish","authors":"Haopeng Fan, Wenhao Wang, Yongjuan Wang, Xiangbin Wang, Yang Gao","doi":"10.3233/jcs-230052","DOIUrl":"https://doi.org/10.3233/jcs-230052","url":null,"abstract":"Cache attacks pose a serious security threat to cryptographic implementations in processor architectures. In this paper, we first propose cache attacks against Blowfish, which can break the protection of key-dependent S-box. This attack targets at the subkey calculation of Blowfish, and fully exploits features of the subkey calculation to construct a leakage equation group about the key. Without any knowledge of plaintext and ciphertext, the attacker only needs to obtain the cache leakage once to recover a variable-length key in minute-level time. More than that, we establish a leakage model for cache attack situations to evaluate the exhausting space of the intermediate value of block ciphers, and estimate the time complexity of cache attacks. In our experiments, we perform Flush + Reload and Prime + Probe attacks and recover the random key of Blowfish in OpenSSL 1.1.1h in 4 minutes. Furthermore, we have applied our attacks to existing systems, such as JavaScript-blowfish and Bcrypt. Our attack on JavaScript-blowfish can recover any plaintext input by the user. As for Bcrypt, our attack can recover the hash values stored in the database, thereby allowing attackers to impersonate the user’s identity.","PeriodicalId":46074,"journal":{"name":"Journal of Computer Security","volume":"21 12","pages":""},"PeriodicalIF":1.2,"publicationDate":"2023-11-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139274738","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Timed data release refers to protecting sensitive data that can be accessed only after a pre-determined amount of time has passed. While blockchain-based solutions for timed data release provide a promising approach for decentralizing the process, designing an attack-resilient timed-release service that is resilient to malicious adversaries in a blockchain network is inherently challenging. A timed-release service on a blockchain network is inevitably exposed to the risk of post-facto attacks where adversaries may launch attacks after the data is released in the blockchain network. Existing incentive-based solutions for timed data release in Ethereum blockchains guarantee protection under the assumption of a fully rational adversarial environment in which every peer acts rationally. However, these schemes fail invariably when even a single participating peer node in the protocol starts acting maliciously and deviates from the rational behavior. In this paper, we propose a systematic solution for attack-resilient and practical blockchain-based timed data release in a mixed adversarial environment, where both malicious adversaries and rational adversaries exist. We first propose an effective uncertainty-aware reputation measure to capture the behaviors of the peer involved in timed data release activities in the network. In light of such a measure, we present the design of a basic protocol that consists of two critical ingredients, namely reputation-aware peer recruitment and verifiable enforcement protocols. The former, prior to the start of the enforcement protocols, performs peer recruitment based on the reputation measure to make the design probabilistically attack-resilient to the post-facto attacks. The latter is responsible for contractually guarding the recruited peers at runtime by transparently reporting observed adversarial behaviors. However, the basic recruitment design is only aware of the reputation of the peers and it does not consider the working time schedule of the participating peers and as a result, it results in lower attack-resilience. To enhance the attack resilience further without impacting the verifiable enforcement protocols, we propose a temporal graph-based reputation-aware peer recruitment algorithm that carefully determines the peer recruitment plan to make the service more attack-resilient. In our proposed approach, we formally capture the timed data release service as a temporal graph and we develop a novel maximal attack-resilient path-finding algorithm on the temporal graph for the participating peers. We implement a prototype of the proposed approach using Smart Contracts and deploy it on the Ethereum official test network, Rinkeby. For extensively evaluating the proposed techniques, we perform simulation experiments to validate the effectiveness of the reputation-aware timed data release protocols as well as our proposed temporal-graph-based improvements. The results demonstrate the effectiveness and strong att
{"title":"Securing blockchain-based timed data release against adversarial attacks","authors":"Jingzhe Wang, Balaji Palanisamy","doi":"10.3233/jcs-230001","DOIUrl":"https://doi.org/10.3233/jcs-230001","url":null,"abstract":"Timed data release refers to protecting sensitive data that can be accessed only after a pre-determined amount of time has passed. While blockchain-based solutions for timed data release provide a promising approach for decentralizing the process, designing an attack-resilient timed-release service that is resilient to malicious adversaries in a blockchain network is inherently challenging. A timed-release service on a blockchain network is inevitably exposed to the risk of post-facto attacks where adversaries may launch attacks after the data is released in the blockchain network. Existing incentive-based solutions for timed data release in Ethereum blockchains guarantee protection under the assumption of a fully rational adversarial environment in which every peer acts rationally. However, these schemes fail invariably when even a single participating peer node in the protocol starts acting maliciously and deviates from the rational behavior. In this paper, we propose a systematic solution for attack-resilient and practical blockchain-based timed data release in a mixed adversarial environment, where both malicious adversaries and rational adversaries exist. We first propose an effective uncertainty-aware reputation measure to capture the behaviors of the peer involved in timed data release activities in the network. In light of such a measure, we present the design of a basic protocol that consists of two critical ingredients, namely reputation-aware peer recruitment and verifiable enforcement protocols. The former, prior to the start of the enforcement protocols, performs peer recruitment based on the reputation measure to make the design probabilistically attack-resilient to the post-facto attacks. The latter is responsible for contractually guarding the recruited peers at runtime by transparently reporting observed adversarial behaviors. However, the basic recruitment design is only aware of the reputation of the peers and it does not consider the working time schedule of the participating peers and as a result, it results in lower attack-resilience. To enhance the attack resilience further without impacting the verifiable enforcement protocols, we propose a temporal graph-based reputation-aware peer recruitment algorithm that carefully determines the peer recruitment plan to make the service more attack-resilient. In our proposed approach, we formally capture the timed data release service as a temporal graph and we develop a novel maximal attack-resilient path-finding algorithm on the temporal graph for the participating peers. We implement a prototype of the proposed approach using Smart Contracts and deploy it on the Ethereum official test network, Rinkeby. For extensively evaluating the proposed techniques, we perform simulation experiments to validate the effectiveness of the reputation-aware timed data release protocols as well as our proposed temporal-graph-based improvements. The results demonstrate the effectiveness and strong att","PeriodicalId":46074,"journal":{"name":"Journal of Computer Security","volume":"77 5","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-11-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135088511","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Attribute based encryption (ABE) is a cryptographic technique allowing fine-grained access control by enabling one-to-many encryption. Existing ABE constructions suffer from at least one of the following limitations. First, single point of failure on security meaning that, once an authority is compromised, an adversary can either easily break the confidentiality of the encrypted data or effortlessly prevent legitimate users from accessing data; second, the lack of user and/or attribute revocation mechanism achieving forward and backward secrecy; third, a heavy computation workload is placed on data user; last but not least, the lack of adaptive security in standard models. In this paper, we propose the first single-point-of-failure free multi-authority ciphertext-policy ABE that simultaneously (1) ensures robustness for both decryption key issuing and access revocation while achieving both backward and forward secrecy; (2) enables outsourced decryption to reduce the decryption overhead for data users that have limited computational resources; and (3) achieves adaptive (full) security in standard models. The provided theoretical complexity comparison as well as the conducted experiments show that our construction introduces linear storage and computation overheads that occurs only once during its setup phase, which we believe to be a reasonable price to pay to achieve all previous features.
{"title":"Robust, revocable, forward and backward adaptively secure attribute-based encryption with outsourced decryption1","authors":"Anis Bkakria","doi":"10.3233/jcs-220129","DOIUrl":"https://doi.org/10.3233/jcs-220129","url":null,"abstract":"Attribute based encryption (ABE) is a cryptographic technique allowing fine-grained access control by enabling one-to-many encryption. Existing ABE constructions suffer from at least one of the following limitations. First, single point of failure on security meaning that, once an authority is compromised, an adversary can either easily break the confidentiality of the encrypted data or effortlessly prevent legitimate users from accessing data; second, the lack of user and/or attribute revocation mechanism achieving forward and backward secrecy; third, a heavy computation workload is placed on data user; last but not least, the lack of adaptive security in standard models. In this paper, we propose the first single-point-of-failure free multi-authority ciphertext-policy ABE that simultaneously (1) ensures robustness for both decryption key issuing and access revocation while achieving both backward and forward secrecy; (2) enables outsourced decryption to reduce the decryption overhead for data users that have limited computational resources; and (3) achieves adaptive (full) security in standard models. The provided theoretical complexity comparison as well as the conducted experiments show that our construction introduces linear storage and computation overheads that occurs only once during its setup phase, which we believe to be a reasonable price to pay to achieve all previous features.","PeriodicalId":46074,"journal":{"name":"Journal of Computer Security","volume":"78 4","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-11-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135087346","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Xiaodi Li, Latifur Khan, Mahmoud Zamani, Shamila Wickramasuriya, Kevin Hamlen, Bhavani Thuraisingham
Con2Mix (Contrastive Double Mixup) is a new semi-supervised learning methodology that innovates a triplet mixup data augmentation approach for finding code vulnerabilities in imbalanced, tabular security data sets. Tabular data sets in cybersecurity domains are widely known to pose challenges for machine learning because of their heavily imbalanced data (e.g., a small number of labeled attack samples buried in a sea of mostly benign, unlabeled data). Semi-supervised learning leverages a small subset of labeled data and a large subset of unlabeled data to train a learning model. While semi-supervised methods have been well studied in image and language domains, in security domains they remain underutilized, especially on tabular security data sets which pose especially difficult contextual information loss and balance challenges for machine learning. Experiments applying Con2Mix to collected security data sets show promise for addressing these challenges, achieving state-of-the-art performance on two evaluated data sets compared with other methods.
{"title":"Con2Mix: A semi-supervised method for imbalanced tabular security data1","authors":"Xiaodi Li, Latifur Khan, Mahmoud Zamani, Shamila Wickramasuriya, Kevin Hamlen, Bhavani Thuraisingham","doi":"10.3233/jcs-220130","DOIUrl":"https://doi.org/10.3233/jcs-220130","url":null,"abstract":"Con2Mix (Contrastive Double Mixup) is a new semi-supervised learning methodology that innovates a triplet mixup data augmentation approach for finding code vulnerabilities in imbalanced, tabular security data sets. Tabular data sets in cybersecurity domains are widely known to pose challenges for machine learning because of their heavily imbalanced data (e.g., a small number of labeled attack samples buried in a sea of mostly benign, unlabeled data). Semi-supervised learning leverages a small subset of labeled data and a large subset of unlabeled data to train a learning model. While semi-supervised methods have been well studied in image and language domains, in security domains they remain underutilized, especially on tabular security data sets which pose especially difficult contextual information loss and balance challenges for machine learning. Experiments applying Con2Mix to collected security data sets show promise for addressing these challenges, achieving state-of-the-art performance on two evaluated data sets compared with other methods.","PeriodicalId":46074,"journal":{"name":"Journal of Computer Security","volume":"77 21","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-11-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135087352","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: