{"title":"Static Analysis of ROP Code","authors":"Daniele Cono D'Elia, Emilio Coppa, Andrea Salvati, C. Demetrescu","doi":"10.1145/3301417.3312494","DOIUrl":"https://doi.org/10.1145/3301417.3312494","url":null,"abstract":"Recent years have witnessed code reuse techniques being employed to craft entire programs such as Jekyll apps, malware droppers, and persistent data-only rootkits. The increased complexity observed in such payloads calls for specific techniques and tools that can help in their analysis. In this paper we propose novel ideas for static analysis of ROP code and apply them to study prominent payloads targeting the Windows platform. Unlike state-of-the-art approaches, we do not require the ROP activation context be reproduced for the analysis. We then propose a guessing mechanism to identify gadget sources for payloads found in documents or over the network.","PeriodicalId":125091,"journal":{"name":"Proceedings of the 12th European Workshop on Systems Security","volume":"2 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132123121","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Configuration-Driven Software Debloating","authors":"Hyungjoon Koo, Seyedhamed Ghavamnia, M. Polychronakis","doi":"10.1145/3301417.3312501","DOIUrl":"https://doi.org/10.1145/3301417.3312501","url":null,"abstract":"With legitimate code becoming an attack surface due to the proliferation of code reuse attacks, software debloating is an effective mitigation that reduces the amount of instruction sequences that may be useful for an attacker, in addition to eliminating potentially exploitable bugs in the removed code. Existing debloating approaches either statically remove code that is guaranteed to not run (e.g., non-imported functions from shared libraries), or rely on profiling with realistic workloads to pinpoint and keep only the subset of code that was executed. In this work, we explore an alternative configuration-driven software debloating approach that removes feature-specific code that is exclusively needed only when certain configuration directives are specified---which are often disabled by default. Using a semi-automated approach, our technique identifies libraries solely needed for the implementation of a particular functionality and maps them to certain configuration directives. Based on this mapping, feature-specific libraries are not loaded at all if their corresponding directives are disabled. The results of our experimental evaluation with Nginx, VSFTPD, and OpenSSH show that using the default configuration in each case, configuration-driven debloating can remove 77% of the code for Nginx, 53% for VSFTPD, and 20% for OpenSSH, which represent a significant attack surface reduction.","PeriodicalId":125091,"journal":{"name":"Proceedings of the 12th European Workshop on Systems Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130916497","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Forward and Backward Private Searchable Encryption with SGX","authors":"Ghous Amjad, S. Kamara, Tarik Moataz","doi":"10.1145/3301417.3312496","DOIUrl":"https://doi.org/10.1145/3301417.3312496","url":null,"abstract":"Symmetric Searchable Encryption (SSE) schemes enable users to search over encrypted data hosted on an untrusted server. Recently, there has been a lot of interest in forward and backward private SSE. The notion of forward privacy guarantees that updates to the encrypted structure do not reveal their association to any query made in the past. Backward privacy, on the other hand, guarantees that queries do not reveal their association to deleted documents. But strong backward private schemes are known to be inefficient in terms of both communication and computation. One avenue for improvement is leveraging the power of trusted execution environments such as Intel SGX inside the untrusted server to improve some of these inefficiencies. In this work, we propose the first SGX-supported dynamic SSE constructions that are forward-private as well as backward-private. To the best of our knowledge, while there is some work on SGX-supported Oblivious RAM (ORAM) and static SSE, there is no work on SGX-supported dynamic SSE. We propose three constructions that cover all types of backward privacy in the literature and that are very efficient compared to the state-of-the-art backward private schemes. Our communication complexity is always the number of current documents matching the query and we show that there is no need for 'total obliviousness' in constructions for the strongest notion of backward privacy.","PeriodicalId":125091,"journal":{"name":"Proceedings of the 12th European Workshop on Systems Security","volume":"16 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125569492","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Pythia: Identifying Dangerous Data-flows in Django-based Applications","authors":"Linos Giannopoulos, Eirini Degkleri, P. Tsanakas, Dimitris Mitropoulos","doi":"10.1145/3301417.3312497","DOIUrl":"https://doi.org/10.1145/3301417.3312497","url":null,"abstract":"Web frameworks that allow developers to create applications based on design patterns such as the Model View Controller (MVC), provide by default a number of security checks. Nevertheless, by using specific constructs, developers may disable these checks thus re-introducing classic application vulnerabilities such as Cross-site Scripting (XSS) and Cross-Site Request Forgery (CSRF). Framework-specific elements including (1) the complex nature of these applications, (2) the different features that they involve (e.g. templates), and (3) the inheritance mechanisms that govern them, make the identification of such issues very difficult. To tackle this problem, we have developed Pythia, a scheme that analyzes applications based on the Django framework. To identify potentially dangerous data flows that can lead to XSS and CSRF defects, Pythia takes into account all the aforementioned elements and employs ideas coming from standard data-flow analysis and taint tracking schemes. To the best of our knowledge, Pythia is the first mechanism to consider framework-specific elements in its analysis. We have evaluated our scheme with positive results. Specifically, we used Pythia to examine five open-source applications that are currently in production and have thousands of users including an e-voting service, and a web-based translation management system. In four cases we have identified dangerous paths that in turn led to vulnerabilities. Notably, in many cases the paths involved the particular features of Django-based applications e.g. templates.","PeriodicalId":125091,"journal":{"name":"Proceedings of the 12th European Workshop on Systems Security","volume":"16 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129055672","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"T-IBE-T: Identity-Based Encryption for Inter-Tile Communication","authors":"Alexander Würstlein, Wolfgang Schröder-Preikschat","doi":"10.1145/3301417.3312500","DOIUrl":"https://doi.org/10.1145/3301417.3312500","url":null,"abstract":"T-IBE-T applies identity-based encryption (IBE) to inter-tile communication in tiled multi-processor system-on-chip (MPSoC) hardware architectures. There, a network-on-chip (NoC) enables communication among topologically disconnected parts of an application. When such an MPSoC is shared while tiles are exclusively allocated, with malicious applications present, the NoC becomes a weak point. Yet minimal memory footprint, as well as scalability, are necessary preconditions on any security mechanism in this scenario. We show that T-IBE-T provides each component such as the tiles' OS instances, applications and tile application instances with a secure key exchange while ensuring asynchronicity, minimal latency and providing no-cost key distribution.","PeriodicalId":125091,"journal":{"name":"Proceedings of the 12th European Workshop on Systems Security","volume":"45 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116004212","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Is Privacy possible without Anonymity?: The case for microblogging services","authors":"P. Papadopoulos, A. Papadogiannakis, M. Polychronakis, E. Markatos","doi":"10.1145/3301417.3312498","DOIUrl":"https://doi.org/10.1145/3301417.3312498","url":null,"abstract":"Traditional approaches to privacy are usually based on top of anonymizing or pseudonymizing systems. For example, users who would like to protect their identity and/or hide their activities while browsing the web frequently use anonymizing systems (e.g., Tor) or services (e.g., VPNs and proxies). Although anonymizing systems are usually effective, recent revelations suggest that anonymization can be compromised and can be used to provide a false sense of security. In this paper we assume a world where anonymization is (practically) not possible. Imagine, for example, a community where the use of anonymizing systems is frowned upon or even forbidden. Is it possible for users to protect their privacy when they cannot hide their identity? In this paper, we focus our question on users interested in following information channels in microblogging services and we show that it is possible for users to protect their privacy even if they cannot hide their identity. To do so, we propose two obfuscation-based algorithms and quantify their effectiveness. We show that obfuscation can be used in such a way that attackers cannot use this service to increase their a priori knowledge on whether a user is interested in a channel or not.","PeriodicalId":125091,"journal":{"name":"Proceedings of the 12th European Workshop on Systems Security","volume":"16 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128595353","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Security Analysis of Devolo HomePlug Devices","authors":"Rouven Scholz, Christian Wressnegger","doi":"10.1145/3301417.3312499","DOIUrl":"https://doi.org/10.1145/3301417.3312499","url":null,"abstract":"Vulnerabilities in smart devices are often particularly severe from a privacy point of view. If these devices form central components of the underlying infrastructure, such as Wifi repeaters, even an entire network may be compromised. The devastating effects of such a compromise recently became evident in light of the Mirai botnet. In this paper, we conduct a thorough security analysis of so-called HomePlug devices, which are used to establish network communication over power lines. We identify multiple security issues and find that hundreds of vulnerable devices are openly connected to the Internet across Europe. 87 % run an outdated firmware, showing the deficiency of manual updates in comparison to automatic ones. However, even the default configurations of updated devices lack basic security mechanisms.","PeriodicalId":125091,"journal":{"name":"Proceedings of the 12th European Workshop on Systems Security","volume":"57 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132373922","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Market Manipulation as a Security Problem: Attacks and Defenses","authors":"V. Mavroudis","doi":"10.1145/3301417.3312493","DOIUrl":"https://doi.org/10.1145/3301417.3312493","url":null,"abstract":"Order matching systems form the backbone of modern equity exchanges, used by millions of investors daily. Thus, their operation is strictly controlled through numerous regulatory directives to ensure that markets are fair and transparent. Despite these efforts, market manipulation remains an open problem. In this work, we focus on a class of market manipulation techniques that exploit technical details and glitches in the operation of the exchanges (i.e., mechanical arbitrage). Such techniques are used by predatory traders with deep knowledge of the exchange's structure to gain an advantage over the other market participants. We argue that technical solutions to the problem of mechanical arbitrage have the potential to significantly thwart these practices. Our work provides the first overview of the threat landscape, models fair markets and their security assumptions, and discusses various mitigation measures.","PeriodicalId":125091,"journal":{"name":"Proceedings of the 12th European Workshop on Systems Security","volume":"224 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124462839","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Pitfalls of open architecture: How friends can exploit your cryptocurrency wallet","authors":"Thanh Bui, S. Rao, M. Antikainen, T. Aura","doi":"10.1145/3301417.3312495","DOIUrl":"https://doi.org/10.1145/3301417.3312495","url":null,"abstract":"Many cryptocurrency wallet applications on desktop provide an open remote procedure call (RPC) interface that other blockchain-based applications can use to access their functionality. This paper studies the security of the RPC interface in several cryptocurrency wallets. We find that, in many cases, a malicious process running on the computer regardless of its privileges can impersonate the communication endpoints of the RPC channel and, effectively, steal the funds in the wallet. The attacks are closely related to server and client impersonation on computer networks but occur inside the computer. The malicious process may be created by another authenticated but unprivileged user on the same computer or even by the guest user. The main contribution of this paper is to raise awareness among wallet developers about the need to protect local RPC channels with the same prudence as network connections. We also hope that it will discourage users from running security-critical applications like cryptocurrency wallets on shared systems or computers with the guest account enabled.","PeriodicalId":125091,"journal":{"name":"Proceedings of the 12th European Workshop on Systems Security","volume":"42 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126554197","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Proceedings of the 12th European Workshop on Systems Security","authors":"","doi":"10.1145/3301417","DOIUrl":"https://doi.org/10.1145/3301417","url":null,"abstract":"","PeriodicalId":125091,"journal":{"name":"Proceedings of the 12th European Workshop on Systems Security","volume":"82 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122593451","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}