Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security最新文献

{"title":"Democratizing election verification: new methods for addressing an ancient attacker model","authors":"Vanessa J. Teague","doi":"10.1145/3579856.3596443","DOIUrl":"https://doi.org/10.1145/3579856.3596443","url":null,"abstract":"Elections are a special security problem because it is not good enough for systems to be secure and results correct - they must also be verifiably so. Even leaving aside the psychological aspects (some people don’t believe evidence, or don’t understand mathematically-based evidence), many nations’ election systems fall far short of this goal. In this talk I’ll discuss a setting increasingly common in the US, Australia and elsewhere: citizens vote privately on paper, then the votes are digitized and counted electronically. Sounds simple, doesn’t it? But producing publicly verifiable evidence of a correct outcome requires carefully-designed processes. Also, running these processes meaningfully requires active involvement from the public. I’ll discuss the attacker model and process of verifiable election audits. I’ll then explain our groundbreaking techniques for auditing instant-runoff (IRV) elections and other complex social choice functions, and describe important open problems, particularly for the single transferable vote. Based on joint work with Michelle Blom, Andrew Conway, Alexander Ek, Philip B Stark, Peter J Stuckey and Damjan Vukcevic.","PeriodicalId":156082,"journal":{"name":"Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security","volume":"5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129850000","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Benchmarking the Benchmarks","authors":"Marc Miltenberger, Steven Arzt, Philipp Holzinger, Julius Näumann","doi":"10.1145/3579856.3582830","DOIUrl":"https://doi.org/10.1145/3579856.3582830","url":null,"abstract":"Over the years, security researchers have developed a broad spectrum of automatic code scanners that aim to find security vulnerabilities in applications. Security benchmarks are commonly used to evaluate novel scanners or program analysis techniques. Each benchmark consists of multiple positive test cases that reflect typical implementations of vulnerabilities, as well as negative test cases, that reflect secure implementations without security flaws. Based on this ground truth, researchers can demonstrate the recall and precision of their novel contributions. However, as we found, existing security benchmarks are often underspecified with respect to their underlying assumptions and threat models. This may lead to misleading evaluation results when testing code scanners, since it requires the scanner to follow unclear and sometimes even contradictory assumptions. To help improve the quality of benchmarks, we propose SecExploitLang, a specification language that allows the authors of benchmarks to specify security assumptions along with their test cases. We further present Exploiter, a tool than can automatically generate exploit code based on a test case and its SecExploitLang specification to demonstrate the correctness of the test case. We created SecExploitLang specifications for two common security benchmarks and used Exploiter to evaluate the adequacy of their test case implementations. Our results show clear shortcomings in both benchmarks, i.e., a significant number of positive test cases turn out to be unexploitable, and even some negative test case implementation turn out to be exploitable. As we explain, the reasons for this include implementation defects, as well as design flaws, which impacts the meaningfulness of evaluations that were based on them. Our work shall highlight the importance of thorough benchmark design and evaluation, and the concepts and tools we propose shall facilitate this task.","PeriodicalId":156082,"journal":{"name":"Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security","volume":"57 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117176141","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A Honey postMessage, but a Heart of Gall: Exploiting Push Service in Service Workers Via postMessage","authors":"Yeomin Jeong, Woonghee Lee, Junbeom Hur","doi":"10.1145/3579856.3590342","DOIUrl":"https://doi.org/10.1145/3579856.3590342","url":null,"abstract":"Progressive web app (PWA) is a kind of web apps, which is designed to enhance users’ browsing experience by combining the advantages of a web app’s reachability and a native app’s diverse functionalities. PWA sites have a special JavaScript file, service worker, which is executed in a different thread from the browser’s main page. It thus can support unique functionalities such as offline usage and push service even after the browser is closed. Because of these features, the service worker has been a main target of many web attacks such as a DDOS attack, or abused to generate illegal sites such as darknet sites. However, previous attacks exploiting the push service have limitations in that they need the pre-installation of a malicious service worker or only can passively utilize the existing push notification from the legitimate site (e.g., hijacking the push notification to track users’ location). In this study, we propose a novel crafted postMessage attack (CPA) using the postMessage() method, which leverages the benign service worker’s push service by exploiting the cross-site scripting (XSS) vulnerability. Unlike the previous attacks, CPA attackers can actively craft push notifications for imitating the legitimate site or enticing victims with a honeyed message. Besides, CPA attackers can sniff users’ personal interest (e.g., subscription states as well as browsing histories), and even unsubscribe them to block the receipt of the push notification from the legitimate site. To assess the real-world prevalence of the vulnerability causing CPA, we conduct a measurement study on popular PWA sites based on Tranco list by collecting a total of 9,005 PWA sites from the top 200k sites using a service worker. As a result, we found 376 sites among them are still vulnerable to the XSS attack, and 16 sites out of those 376 sites are vulnerable to our attack in total. We estimated the number of potential victims of CPA, and it turned out that up to 6.5 M users per month are susceptible to our attack. Based on our findings, we discuss the root cause of the vulnerabilities and practical mitigations of our attack.","PeriodicalId":156082,"journal":{"name":"Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security","volume":"32 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124027997","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"FUSE – Flexible File Format and Intermediate Representation for Secure Multi-Party Computation","authors":"Lennart Braun, Moritz Huppert, Nora Khayata, T. Schneider, Oleksandr Tkachenko","doi":"10.1145/3579856.3590340","DOIUrl":"https://doi.org/10.1145/3579856.3590340","url":null,"abstract":"Secure Multi-Party Computation (MPC) is continuously becoming more and more practical. Many optimizations have been introduced, making MPC protocols more suitable for solving real-world problems. However, the MPC protocols and optimizations are usually implemented as a standalone proof of concept or in an MPC framework and are tightly coupled with special-purpose circuit formats, such as Bristol Format. This makes it very hard and time-consuming to re-use algorithmic advances and implemented applications in a different context. Developing generic algorithmic optimizations is exceptionally hard because the available MPC tools and formats are not generic and do not provide the necessary infrastructure. In this paper, we present FUSE: A Framework for Unifying and Optimizing Secure Multi-Party Computation Implementations with Efficient Circuit Storage. FUSE provides a flexible intermediate representation (FUSE IR) that can be used across different platforms and in different programming languages, including C/C++, Java, Rust, and Python. We aim at making MPC tools more interoperable, removing the tight coupling between high-level compilers for MPC and specific MPC protocol engines, thus driving knowledge transfer. Our framework is inspired by the widely known LLVM compiler framework. FUSE is portable, extensible, and it provides implementation-agnostic optimizations. As frontends, we implement HyCC (CCS’18), the Bristol circuit format, and MOTION (TOPS’22), s.t. these can be automatically converted to FUSE IR. We implement several generic optimization passes, such as automatic subgraph replacement and vectorization, to showcase the utility and efficiency of our framework. Finally, we implement as backends MOTION and MP-SPDZ (CCS’20), so that FUSE IR can be run by these frameworks in an MPC protocol, as well as other useful backends for JSON output and the DOT language for graph visualization. With FUSE, it is possible to use any implemented frontend with any implemented backend and vice-versa. FUSE IR is not only efficient to work on and much more generic than any other format so far – supporting, e.g., function calls, hybrid MPC protocols as well as user-defined building blocks, and annotations – while maintaining backwards-compatibility, but also compact, with smaller storage size than even minimalistic formats such as Bristol already for a few hundred operations.","PeriodicalId":156082,"journal":{"name":"Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security","volume":"34 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131727897","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Investigating Traffic Analysis Attacks on Apple iCloud Private Relay","authors":"A. Zohaib, J. Sheffey, A. Houmansadr","doi":"10.1145/3579856.3595793","DOIUrl":"https://doi.org/10.1145/3579856.3595793","url":null,"abstract":"The iCloud Private Relay (PR) is a new feature introduced by Apple in June 2021 that aims to enhance online privacy by protecting a subset of web traffic from both local eavesdroppers and websites that use IP-based tracking. The service is integrated into Apple’s latest operating systems and uses a two-hop architecture where a user’s web traffic is relayed through two proxies run by disjoint entities. PR’s multi-hop architecture resembles traditional anonymity systems such as Tor and mix networks. Such systems, however, are known to be susceptible to a vulnerability known as traffic analysis: an intercepting adversary (e.g., a malicious router) can attempt to compromise the privacy promises of such systems by analyzing characteristics (e.g., packet timings and sizes) of their network traffic. In particular, previous works have widely studied the susceptibility of Tor to website fingerprinting and flow correlation, two major forms of traffic analysis. In this work, we are the first to investigate the threat of traffic analysis against the recently introduced PR. First, we explore PR’s current architecture to establish a comprehensive threat model of traffic analysis attacks against PR. Second, we quantify the potential likelihood of these attacks against PR by evaluating the risks imposed by real-world AS-level adversaries through empirical measurement of Internet routes. Our evaluations show that some autonomous systems are in a particularly strong position to perform traffic analysis on a large fraction of PR traffic. Finally, having demonstrated the potential for these attacks to occur, we evaluate the performance of several flow correlation and website fingerprinting attacks over PR traffic. Our evaluations show that PR is highly vulnerable to state-of-the-art website fingerprinting and flow correlation attacks, with both attacks achieving high success rates. We hope that our study will shed light on the significance of traffic analysis to the current PR deployment, convincing Apple to perform design adjustments to alleviate the risks.","PeriodicalId":156082,"journal":{"name":"Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security","volume":"101 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126856970","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"QUDA: Query-Limited Data-Free Model Extraction","authors":"Zijun Lin, Ke Xu, Chengfang Fang, Huadi Zheng, Aneez Ahmed Jaheezuddin, Jie Shi","doi":"10.1145/3579856.3590336","DOIUrl":"https://doi.org/10.1145/3579856.3590336","url":null,"abstract":"Model extraction attack typically refers to extracting non-public information from a black-box machine learning model. Its unauthorized nature poses significant threat to intellectual property rights of the model owners. By using the well-designed queries and the predictions returned from the victim model, the adversary is able to train a clone model from scratch to obtain similar functionality as victim model. Recently, some methods have been proposed to perform model extraction attacks without using any in-distribution data (Data-free setting). Although these methods have been shown to achieve high clone accuracy, their query budgets are typically around 10 million or even exceed 20 million in some datasets, which lead to a high cost of model stealing and can be easily defended by limiting the number of queries. To illustrate the severe threats induced by model extraction attacks with limited query budget in realistic scenarios, we propose QUDA – a novel QUey-limited DAta-free model extraction attack that incorporates GAN pre-trained by public unrelated dataset to provide weak image prior and the technique of deep reinforcement learning to make query generation strategy more efficient. Compared with the state-of-the-art data-free model extraction method, QUDA achieves better results under query-limited condition (0.1M query budget) in FMNIST and CIFAR-10 datasets, and even outperforms the baseline method in most cases when QUDA uses only 10% query budget of its. QUDA issued a warning that solely relying on the limited numbers of queries or the confidentiality of training data is not reliable to protect model’s security and privacy. Potential countermeasures, such as detection-based defense approach, are also provided.","PeriodicalId":156082,"journal":{"name":"Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124864920","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Formalising Application-Driven Authentication & Access-Control based on Users’ Companion Devices","authors":"C. Culnane, Ioana Boureanu, Jean Snyman, S. Wesemeyer, H. Treharne","doi":"10.1145/3579856.3595800","DOIUrl":"https://doi.org/10.1145/3579856.3595800","url":null,"abstract":"We define and formalise a generic cryptographic construction that underpins coupling of companion devices, e.g., biometrics-enabled devices, with main devices (e.g., PCs), in a user-aware manner, mainly for on-demand authentication and secure storage for applications running on the main device. We define the security requirements of such constructions, provide a full instantiation in a protocol-suite and prove its computational as well as Dolev-Yao security. Finally, we implement our protocol suite and one password-manager use-case.","PeriodicalId":156082,"journal":{"name":"Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security","volume":"10 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124976003","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"POSTER: Performance Characterization of Binarized Neural Networks in Traffic Fingerprinting","authors":"Yiyan Wang, T. Dahanayaka, Guillaume Jourjon, Suranga Seneviratne","doi":"10.1145/3579856.3592827","DOIUrl":"https://doi.org/10.1145/3579856.3592827","url":null,"abstract":"Traffic fingerprinting allows making inferences about encrypted traffic flows through passive observation. They have been used for tasks such as network performance management and analytics and in attacker settings such as censorship and surveillance. A key challenge when implementing traffic fingerprinting in real-time settings is how the state-of-the-art traffic fingerprint models can be ported into programmable in-network computing devices with limited computing resources. Towards this, in this work, we characterize the performance of binarized traffic fingerprinting neural networks that are efficient and well-suited for in-network computing devices and propose a new data encoding method that is better suited for network traffic. Overall, we show that the proposed binary neural network with first-layer binarization and last-layer quantization reduces the performance requirement of hardware equipment while retaining the accuracies of those models of binary datasets over 70%. Furthermore, when combined with our proposed encoding algorithm, accuracies of binarized models of numeric datasets show further improvements to achieve over 65% accuracy.","PeriodicalId":156082,"journal":{"name":"Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security","volume":"34 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127563217","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"An Evaluation Framework for Intrusion Prevention Systems on Serial Data Bus Networks","authors":"M. Rogers, K. Rasmussen","doi":"10.1145/3579856.3582810","DOIUrl":"https://doi.org/10.1145/3579856.3582810","url":null,"abstract":"Serial data bus networks are a crucial and vulnerable part of modern vehicles and weapons systems. Increasing concern over these networks is resulting in increased demand for intrusion prevention systems (IPSes) to stop attacks, not just detect them with an intrusion detection system (IDS). Considerations must be made to avoid the IPS becoming a de facto attacker. A defender needs to understand what attacks their IPS can safely prevent and how an attacker might circumvent their system. To enable this understanding, we propose a protocol-agnostic evaluation framework which: determines the viability of an IPS for different attack vectors, scores the suitability of an IDS to powering an IPS for certain attacks, and scores the efficacy of the IDS itself against those same attacks. With our framework we analyze IDS and IPS technologies for the CAN and MIL-STD-1553 serial data bus networks. These case studies demonstrate how a defender can use our framework to identify limitations in their IDS, while gearing the aspects of the IDS that work best towards safely powering an IPS. Our framework allows a defender to approach any potential security system fully aware of its limitations and how well it serves their own threat model.","PeriodicalId":156082,"journal":{"name":"Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security","volume":"178 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122005337","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Sfitag: Efficient Software Fault Isolation with Memory Tagging for ARM Kernel Extensions","authors":"Jiwon Seo, Junseung You, Yungi Cho, Yeongpil Cho, Donghyun Kwon, Y. Paek","doi":"10.1145/3579856.3590341","DOIUrl":"https://doi.org/10.1145/3579856.3590341","url":null,"abstract":"As ARM is becoming more popular in today’s processor market, the OS kernel on ARM is gradually bloated to meet the market demand for more sophisticated services by absorbing diverse kernel extensions. Since this kernel bloating inevitably increases the attack surface, there has been a continuous effort to decrease the surface by dissociating or isolating untrusted extensions from the kernel. One approach in this effort is using software fault isolation (SFI) that instruments memory and control-transfer instructions to prevent isolated extensions from having unauthorized accesses to memory regions of the core kernel. Being implementable in pure software has been considered the greatest strength of SFI and thus popularly adopted by engineers to isolate kernel extensions, but software versions of SFI mostly suffer from high performance overhead, which can be a critical drawback for performance-sensitive mobile devices that overwhelmingly use ARM CPUs. The purpose of our work, named as Sfitag, is to make SFI for ARM kernel extensions more efficient by leveraging the hardware support from the latest ARM AArch64 architecture, called the ARM8.5-A memory tagging extension (MTE). For efficiency, Sfitag relies on MTE support when it allocates a tag value different from the core kernel for untrusted extensions and enforces extensions to use that value as a tag for pointers and memory objects. Consequently, in Sfitag, accessing the core kernel memory is legitimate only when the tag of a pointer matches the value of the kernel tag, which by means of MTE in effect enables us to safely confine unexpected and buggy behaviors of extensions within the space isolated from the kernel. Through our evaluation, we prove the effectiveness of Sfitag by showing that our MTE-supported SFI efficiently enforces isolation for extensions just with 1% slowdown on the throughput of a network driver and 5.7% on a block device driver.","PeriodicalId":156082,"journal":{"name":"Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security","volume":"65 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131993711","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}