2007 IEEE Symposium on Security and Privacy (SP '07)最新文献_第2页

ShieldGen: Automatic Data Patch Generation for Unknown Vulnerabilities with Informed Probing ShieldGen:自动数据补丁生成未知漏洞与知情探测

2007 IEEE Symposium on Security and Privacy (SP '07) Pub Date : 2007-05-20 DOI: 10.1109/SP.2007.34

Weidong Cui, Marcus Peinado, Helen J. Wang, M. Locasto

{"title":"ShieldGen: Automatic Data Patch Generation for Unknown Vulnerabilities with Informed Probing","authors":"Weidong Cui, Marcus Peinado, Helen J. Wang, M. Locasto","doi":"10.1109/SP.2007.34","DOIUrl":"https://doi.org/10.1109/SP.2007.34","url":null,"abstract":"In this paper, we present ShieldGen, a system for automatically generating a data patch or a vulnerability signature for an unknown vulnerability, given a zero-day attack instance. The key novelty in our work is that we leverage knowledge of the data format to generate new potential attack instances, which we call probes, and use a zero-day detector as an oracle to determine if an instance can still exploit the vulnerability; the feedback of the oracle guides our search for the vulnerability signature. We have implemented a ShieldGen prototype and experimented with three known vulnerabilities. The generated signatures have no false positives and a low rate of false negatives due to imperfect data format specifications and the sampling technique used in our probe generation. Overall, they are significantly more precise than the signatures generated by existing schemes. We have also conducted a detailed study of 25 vulnerabilities for which Microsoft has issued security bulletins between 2003 and 2006. We estimate that ShieldGen can produce high quality signatures for a large portion of those vulnerabilities and that the signatures are superior to the signatures generated by existing schemes.","PeriodicalId":131863,"journal":{"name":"2007 IEEE Symposium on Security and Privacy (SP '07)","volume":"97 2 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-05-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132300850","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 114

A Systematic Approach to Uncover Security Flaws in GUI Logic 揭示GUI逻辑安全漏洞的系统方法

2007 IEEE Symposium on Security and Privacy (SP '07) Pub Date : 2007-05-20 DOI: 10.1109/SP.2007.6

J. Meseguer, R. Sasse, Helen J. Wang, Yi-Min Wang

{"title":"A Systematic Approach to Uncover Security Flaws in GUI Logic","authors":"J. Meseguer, R. Sasse, Helen J. Wang, Yi-Min Wang","doi":"10.1109/SP.2007.6","DOIUrl":"https://doi.org/10.1109/SP.2007.6","url":null,"abstract":"To achieve end-to-end security, traditional machine-to-machine security measures are insufficient if the integrity of the human-computer interface is compromised. GUI logic flaws are a category of software vulnerabilities that result from logic bugs in GUI design/implementation. Visual spoofing attacks that exploit these flaws can lure even security- conscious users to perform unintended actions. The focus of this paper is to formulate the problem of GUI logic flaws and to develop a methodology for uncovering them in software implementations. Specifically, based on an in-depth study of key subsets of Internet Explorer (IE) browser source code, we have developed a formal model for the browser GUI logic and have applied formal reasoning to uncover new spoofing scenarios, including nine for status bar spoofing and four for address bar spoofing. The IE development team has confirmed all these scenarios and has fixed most of them in their latest build. Through this work, we demonstrate that a crucial subset of visual spoofing vulnerabilities originate from GUI logic flaws, which have a well-defined mathematical meaning allowing a systematic analysis.","PeriodicalId":131863,"journal":{"name":"2007 IEEE Symposium on Security and Privacy (SP '07)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-05-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129157425","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 52

Multi-Dimensional Range Query over Encrypted Data 加密数据多维范围查询

2007 IEEE Symposium on Security and Privacy (SP '07) Pub Date : 2007-05-20 DOI: 10.1109/SP.2007.29

E. Shi, J. Bethencourt, T-H. Hubert Chan, D. Song, A. Perrig

{"title":"Multi-Dimensional Range Query over Encrypted Data","authors":"E. Shi, J. Bethencourt, T-H. Hubert Chan, D. Song, A. Perrig","doi":"10.1109/SP.2007.29","DOIUrl":"https://doi.org/10.1109/SP.2007.29","url":null,"abstract":"We design an encryption scheme called multi-dimensional range query over encrypted data (MRQED), to address the privacy concerns related to the sharing of network audit logs and various other applications. Our scheme allows a network gateway to encrypt summaries of network flows before submitting them to an untrusted repository. When network intrusions are suspected, an authority can release a key to an auditor, allowing the auditor to decrypt flows whose attributes (e.g., source and destination addresses, port numbers, etc.) fall within specific ranges. However, the privacy of all irrelevant flows are still preserved. We formally define the security for MRQED and prove the security of our construction under the decision bilinear Diffie-Hellman and decision linear assumptions in certain bilinear groups. We study the practical performance of our construction in the context of network audit logs. Apart from network audit logs, our scheme also has interesting applications for financial audit logs, medical privacy, untrusted remote storage, etc. In particular, we show that MRQED implies a solution to its dual problem, which enables investors to trade stocks through a broker in a privacy-preserving manner.","PeriodicalId":131863,"journal":{"name":"2007 IEEE Symposium on Security and Privacy (SP '07)","volume":"4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-05-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131573434","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 532

Lurking in the Shadows: Identifying Systemic Threats to Kernel Data 潜伏在阴影中:识别对内核数据的系统性威胁

2007 IEEE Symposium on Security and Privacy (SP '07) Pub Date : 2007-05-20 DOI: 10.1109/SP.2007.25

A. Baliga, P. Kamat, L. Iftode

{"title":"Lurking in the Shadows: Identifying Systemic Threats to Kernel Data","authors":"A. Baliga, P. Kamat, L. Iftode","doi":"10.1109/SP.2007.25","DOIUrl":"https://doi.org/10.1109/SP.2007.25","url":null,"abstract":"The integrity of kernel code and data is fundamental to the integrity of the computer system. Tampering with the kernel data is an attractive venue for rootkit writers since malicious modifications in the kernel are harder to identify compared to their user-level counterparts. So far however, the pattern followed for tampering is limited to hiding malicious objects in user-space. This involves manipulating a subset of kernel data structures that are related to intercepting user requests or affecting the user's view of the system. Hence, defense techniques are built around detecting such hiding behavior. The contribution of this paper is to demonstrate a new class of stealthy attacks that only exist in kernel space and do not employ any hiding techniques traditionally used by rootkits. These attacks are stealthy because the damage done to the system is not apparent to the user or intrusion detection systems installed on the system and are symbolic of a more systemic problem present throughout the kernel. Our goal in building these attack prototypes was to show that such attacks are not only realistic, but worse; they cannot be detected by the current generation of kernel integrity monitors, without prior knowledge of the attack signature.","PeriodicalId":131863,"journal":{"name":"2007 IEEE Symposium on Security and Privacy (SP '07)","volume":"134 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-05-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125101400","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 99

Exploring Multiple Execution Paths for Malware Analysis 探索恶意软件分析的多个执行路径

2007 IEEE Symposium on Security and Privacy (SP '07) Pub Date : 2007-05-20 DOI: 10.1109/SP.2007.17

Andreas Moser, Christopher Krügel, E. Kirda

{"title":"Exploring Multiple Execution Paths for Malware Analysis","authors":"Andreas Moser, Christopher Krügel, E. Kirda","doi":"10.1109/SP.2007.17","DOIUrl":"https://doi.org/10.1109/SP.2007.17","url":null,"abstract":"Malicious code (or Malware) is defined as software that fulfills the deliberately harmful intent of an attacker. Malware analysis is the process of determining the behavior and purpose of a given Malware sample (such as a virus, worm, or Trojan horse). This process is a necessary step to be able to develop effective detection techniques and removal tools. Currently, Malware analysis is mostly a manual process that is tedious and time-intensive. To mitigate this problem, a number of analysis tools have been proposed that automatically extract the behavior of an unknown program by executing it in a restricted environment and recording the operating system calls that are invoked. The problem of dynamic analysis tools is that only a single program execution is observed. Unfortunately, however, it is possible that certain malicious actions are only triggered under specific circumstances (e.g., on a particular day, when a certain file is present, or when a certain command is received). In this paper, we propose a system that allows us to explore multiple execution paths and identify malicious actions that are executed only when certain conditions are met. This enables us to automatically extract a more complete view of the program under analysis and identify under which circumstances suspicious actions are carried out. Our experimental results demonstrate that many Malware samples show different behavior depending on input read from the environment. Thus, by exploring multiple execution paths, we can obtain a more complete picture of their actions.","PeriodicalId":131863,"journal":{"name":"2007 IEEE Symposium on Security and Privacy (SP '07)","volume":"92 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-05-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116077265","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 577

Enforcing Semantic Integrity on Untrusted Clients in Networked Virtual Environments 网络虚拟环境中对不可信客户端的语义完整性强制

2007 IEEE Symposium on Security and Privacy (SP '07) Pub Date : 2007-05-20 DOI: 10.1109/SP.2007.16

S. Jha, S. Katzenbeisser, C. Schallhart, H. Veith, Stephen Chenney

引用次数: 14

A Cryptographic Decentralized Label Model 一个密码学的分散标签模型

2007 IEEE Symposium on Security and Privacy (SP '07) Pub Date : 2007-05-20 DOI: 10.1109/SP.2007.5

J. A. Vaughan, S. Zdancewic

{"title":"A Cryptographic Decentralized Label Model","authors":"J. A. Vaughan, S. Zdancewic","doi":"10.1109/SP.2007.5","DOIUrl":"https://doi.org/10.1109/SP.2007.5","url":null,"abstract":"Information-flow security policies are an appealing way of specifying confidentiality and integrity policies in information systems. Most previous work on language-based security has assumed that programs run in a closed, managed environment and that they use potentially unsafe constructs, such as declassification, to interface to external communication channels, perhaps after encrypting data to preserve its confidentiality. This situation is unsatisfactory for systems that need to communicate over untrusted channels or use untrusted persistent storage, since the connection between the cryptographic mechanisms used in the untrusted environment and the abstract security labels used in the trusted language environment is ad hoc and unclear. This paper addresses this problem in three ways: first, it presents a simple, security-typed language with a novel mechanism called packages that provides an abstract means for creating opaque objects and associating them with security labels; well-typed programs in this language enforce noninterference. Second, it shows how to implement these packages using public-key cryptography. This implementation strategy uses a variant of Myers and Liskov's decentralized label model, which supports a rich label structure in which mutually distrusting data owners can specify independent confidentiality and integrity requirements. Third, it demonstrates that this implementation of packages is sound with respect to Dolev-Yao style attackers-such an attacker cannot determine the contents of a package without possessing the appropriate keys, as determined by the security label on the package.","PeriodicalId":131863,"journal":{"name":"2007 IEEE Symposium on Security and Privacy (SP '07)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-05-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131388692","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 48

Extended Abstract: Forward-Secure Sequential Aggregate Authentication 扩展摘要:前向安全顺序聚合认证

2007 IEEE Symposium on Security and Privacy (SP '07) Pub Date : 2007-05-20 DOI: 10.1109/SP.2007.18

Di Ma, G. Tsudik

{"title":"Extended Abstract: Forward-Secure Sequential Aggregate Authentication","authors":"Di Ma, G. Tsudik","doi":"10.1109/SP.2007.18","DOIUrl":"https://doi.org/10.1109/SP.2007.18","url":null,"abstract":"Wireless sensors are employed in a wide range of applications. One common feature of many sensor settings is the need to communicate sensed data to some collection point or sink. This communication can be direct (to a mobile collector) or indirect-via other sensors towards a remote sink. In either case, a sensor might not be able to communicate to a sink at will. Instead it might collect data and wait (for a potentially long time) for a signal to upload accumulated data directly. In a hostile setting, a sensor may be compromised and its post-compromise data can be manipulated. One important issue is forward security - how to ensure that pre- compromise data cannot be manipulated? Since a typical sensor is limited in storage and communication facilities, another issue is how to minimize resource consumption by accumulated data. It turns out that current techniques are insufficient to address both challenges. To this end, we explore the notion of forward-secure sequential aggregate (FssAgg) authentication schemes. We consider FssAgg authentication schemes in the contexts of both conventional and public key cryptography and construct a FssAgg MAC scheme and a FssAgg signature scheme, each suitable under different assumptions. This work represents the initial investigation of forward-secure aggregation and, although the proposed schemes are not optimal, we believe it opens a new direction for follow-on research.","PeriodicalId":131863,"journal":{"name":"2007 IEEE Symposium on Security and Privacy (SP '07)","volume":"98 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-05-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130597037","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 85

Network Flow Watermarking Attack on Low-Latency Anonymous Communication Systems 低延迟匿名通信系统的网络流水印攻击

2007 IEEE Symposium on Security and Privacy (SP '07) Pub Date : 2007-05-20 DOI: 10.1109/SP.2007.30

Xinyuan Wang, Shiping Chen, S. Jajodia

{"title":"Network Flow Watermarking Attack on Low-Latency Anonymous Communication Systems","authors":"Xinyuan Wang, Shiping Chen, S. Jajodia","doi":"10.1109/SP.2007.30","DOIUrl":"https://doi.org/10.1109/SP.2007.30","url":null,"abstract":"Many proposed low-latency anonymous communication systems have used various flow transformations such as traffic padding, adding cover traffic (or bogus packets), packet dropping, flow mixing, flow splitting, and flow merging to achieve anonymity. It has long been believed that these flow transformations would effectively disguise net-workflows, thus achieve good anonymity. In this paper, we investigate the fundamental limitations of flow transformations in achieving anonymity, and we show that flow transformations do not necessarily provide the level of anonymity people have expected or believed. By injecting unique watermark into the inter-packet timing domain of a packet flow, we are able to make any sufficiently long flow uniquely identifiable even if I) it is disguised by substantial amount of cover traffic, 2) it is mixed or merged with a number of other flows, 3) it is split into a number subflows, 4) there is a substantial portion of packets dropped, and 5) it is perturbed in timing due to either natural network delay jitter or deliberate timing perturbation. In addition to demonstrating the theoretical limitations of low-latency anonymous communications systems, we develop the first practical attack on the leading commercial low-latency anonymous communication system. Our real-time experiments show that our flow watermarking attack only needs about 10 minutes active Web browsing traffic to \"penetrate\" the total net shield service provided by www.anonymizer.com. Our analytical and empirical results demonstrate that achieving anonymity in low-latency communication systems is much harder than we have realized, and current flow transformation based low-latency anonymous communication systems need to be revisited.","PeriodicalId":131863,"journal":{"name":"2007 IEEE Symposium on Security and Privacy (SP '07)","volume":"46 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-05-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125427112","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 252

Attacking the IPsec Standards in Encryption-only Configurations 攻击纯加密配置下的IPsec标准

2007 IEEE Symposium on Security and Privacy (SP '07) Pub Date : 2007-05-20 DOI: 10.1109/SP.2007.8

Jean Paul Degabriele, K. Paterson

引用次数: 73