Annual Computer Security Applications Conference最新文献

{"title":"2D-2FA: A New Dimension in Two-Factor Authentication","authors":"Maliheh Shirvanian, Shashank Agrawal","doi":"10.1145/3485832.3485910","DOIUrl":"https://doi.org/10.1145/3485832.3485910","url":null,"abstract":"We propose a two-factor authentication (2FA) mechanism called 2D-2FA to address security and usability issues in existing methods. 2D-2FA has three distinguishing features: First, after a user enters a username and password on a login terminal, a unique identifier is displayed to her. She inputs the same identifier on her registered 2FA device, which ensures appropriate engagement in the authentication process. Second, a one-time PIN is computed on the device and automatically transferred to the server. Thus, the PIN can have very high entropy, making guessing attacks infeasible. Third, the identifier is also incorporated into the PIN computation, which renders concurrent attacks ineffective. Third-party services such as push-notification providers and 2FA service providers, do not need to be trusted for the security of the system. The choice of identifiers depends on the device form factor and the context. Users could choose to draw patterns, capture QR codes, etc. We provide a proof of concept implementation, and evaluate performance, accuracy, and usability of the system. We show that the system offers a lower error rate (about half) and better efficiency (2-3 times faster) compared to the commonly used PIN-2FA. Our study indicates a high level of usability with a SUS of 75, and a high perception of efficiency, security, accuracy, and adoptability.","PeriodicalId":175869,"journal":{"name":"Annual Computer Security Applications Conference","volume":"19 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-10-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131159384","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Characterizing Improper Input Validation Vulnerabilities of Mobile Crowdsourcing Services","authors":"Sojhal Ismail Khan, Dominika Woszczyk, Chengzeng You, Soteris Demetriou, Muhammad Naveed","doi":"10.1145/3485832.3485888","DOIUrl":"https://doi.org/10.1145/3485832.3485888","url":null,"abstract":"Mobile crowdsourcing services (MCS), enable fast and economical data acquisition at scale and find applications in a variety of domains. Prior work has shown that Foursquare and Waze (a location-based and a navigation MCS) are vulnerable to different kinds of data poisoning attacks. Such attacks can be upsetting and even dangerous especially when they are used to inject improper inputs to mislead users. However, to date, there is no comprehensive study on the extent of improper input validation (IIV) vulnerabilities and the feasibility of their exploits in MCSs across domains. In this work, we leverage the fact that MCS interface with their participants through mobile apps to design tools and new methodologies embodied in an end-to-end feedback-driven analysis framework which we use to study 10 popular and previously unexplored services in five different domains. Using our framework we send tens of thousands of API requests with automatically generated input values to characterize their IIV attack surface. Alarmingly, we found that most of them (8/10) suffer from grave IIV vulnerabilities which allow an adversary to launch data poisoning attacks at scale: 7400 spoofed API requests were successful in faking online posts for robberies, gunshots, and other dangerous incidents, faking fitness activities with supernatural speeds and distances among many others. Lastly, we discuss easy to implement and deploy mitigation strategies which can greatly reduce the IIV attack surface and argue for their use as a necessary complementary measure working toward trustworthy mobile crowdsourcing services.","PeriodicalId":175869,"journal":{"name":"Annual Computer Security Applications Conference","volume":"54 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-10-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128710442","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Mitosis: Practically Scaling Permissioned Blockchains","authors":"G. Marson, Sébastien Andreina, Lorenzo Alluminio, Konstantin Munichev, Ghassan O. Karame","doi":"10.1145/3485832.3485915","DOIUrl":"https://doi.org/10.1145/3485832.3485915","url":null,"abstract":"Scalability remains one of the biggest challenges to the adoption of permissioned blockchain technologies for large-scale deployments. Namely, permissioned blockchains typically exhibit low latencies, compared to permissionless deployments—however at the cost of poor scalability. As a remedy, various solutions were proposed to capture “the best of both worlds”, targeting low latency and high scalability simultaneously. Among these, blockchain sharding emerges as the most prominent technique. Most existing sharding proposals exploit features of the permissionless model and are therefore restricted to cryptocurrency applications. A few permissioned sharding proposals exist, however, they either make strong trust assumptions on the number of faulty nodes or rely on trusted hardware or assume a static participation model where all nodes are expected to be available all the time. In practice, nodes may join and leave the system dynamically, which makes it challenging to establish how to shard and when. In this work, we address this problem and present Mitosis, a novel approach to practically improve scalability of permissioned blockchains. Our system allows the dynamic creation of blockchains, as more participants join the system, to meet practical scalability requirements. Crucially, it enables the division of an existing blockchain (and its participants) into two—reminiscent of mitosis, the biological process of cell division. Mitosis inherits the low latency of permissioned blockchains while preserving high throughput via parallel processing. Newly created chains in our system are fully autonomous, can choose their own consensus protocol, and yet they can interact with each other to share information and assets—meeting high levels of interoperability. We analyse the security of Mitosis and evaluate experimentally the performance of our solution when instantiated over Hyperledger Fabric. Our results show that Mitosis can be ported with little modifications and manageable overhead to existing permissioned blockchains, such as Hyperledger Fabric. As far as we are aware, Mitosis emerges as the first workable and practical solution to scale existing permissioned blockchains.","PeriodicalId":175869,"journal":{"name":"Annual Computer Security Applications Conference","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-09-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127608390","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"LaserShark: Establishing Fast, Bidirectional Communication into Air-Gapped Systems","authors":"Niclas Kühnapfel, S. Preussler, Maximilian Noppel, T. Schneider, Konrad Rieck, Christian Wressnegger","doi":"10.1145/3485832.3485911","DOIUrl":"https://doi.org/10.1145/3485832.3485911","url":null,"abstract":"Physical isolation, so called air-gapping, is an effective method for protecting security-critical computers and networks. While it might be possible to introduce malicious code through the supply chain, insider attacks, or social engineering, communicating with the outside world is prevented. Different approaches to breach this essential line of defense have been developed based on electromagnetic, acoustic, and optical communication channels. However, all of these approaches are limited in either data rate or distance, and frequently offer only exfiltration of data. We present a novel approach to infiltrate data to air-gapped systems without any additional hardware on-site. By aiming lasers at already built-in LEDs and recording their response, we are the first to enable a long-distance (25 m), bidirectional, and fast (18.2 kbps in & 100 kbps out) covert communication channel. The approach can be used against any office device that operates LEDs at the CPU’s GPIO interface.","PeriodicalId":175869,"journal":{"name":"Annual Computer Security Applications Conference","volume":"177 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-06-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114854271","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"dStyle-GAN: Generative Adversarial Network based on Writing and Photography Styles for Drug Identification in Darknet Markets","authors":"Yiming Zhang, Y. Qian, Yujie Fan, Yanfang Ye, Xin Li, Qi Xiong, Fudong Shao","doi":"10.1145/3427228.3427603","DOIUrl":"https://doi.org/10.1145/3427228.3427603","url":null,"abstract":"Despite the persistent effort by law enforcement, illicit drug trafficking in darknet markets has shown great resilience with new markets rapidly appearing after old ones being shut down. In order to more effectively detect, disrupt and dismantle illicit drug trades, there’s an imminent need to gain a deeper understanding toward the operations and dynamics of illicit drug trading activities. To address this challenge, in this paper, we design and develop an intelligent system (named dSytle-GAN) to automate the analysis for drug identification in darknet markets, by considering both content-based and style-aware information. To determine whether a given pair of posted drugs are the same or not, in dStyle-GAN, based on the large-scale data collected from darknet markets, we first present an attributed heterogeneous information network (AHIN) to depict drugs, vendors, texts and writing styles, photos and photography styles, and the rich relations among them; and then we propose a novel generative adversarial network (GAN) based model over AHIN to capture the underlying distribution of posted drugs’ writing and photography styles to learn robust representations of drugs for their identifications. Unlike existing approaches, our proposed GAN-based model jointly considers the heterogeneity of network and relatedness over drugs formulated by domain-specific meta-paths for robust node (i.e., drug) representation learning. To the best of our knowledge, the proposed dStyle-GAN represents the first principled GAN-based solution over graphs to simultaneously consider writing and photography styles as well as their latent distributions for node representation learning. Extensive experimental results based on large-scale datasets collected from six darknet markets and the obtained ground-truth demonstrate that dStyle-GAN outperforms the state-of-the-art methods. Based on the identified drug pairs in the wild by dStyle-GAN, we perform further analysis to gain deeper insights into the dynamics and evolution of illicit drug trading activities in darknet markets, whose findings may facilitate law enforcement for proactive interventions.","PeriodicalId":175869,"journal":{"name":"Annual Computer Security Applications Conference","volume":"60 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-12-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121061591","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"NoSQL Breakdown: A Large-scale Analysis of Misconfigured NoSQL Services","authors":"Dario Ferrari, Michele Carminati, Mario Polino, S. Zanero","doi":"10.1145/3427228.3427260","DOIUrl":"https://doi.org/10.1145/3427228.3427260","url":null,"abstract":"In the last years, NoSQL databases have grown in popularity due to their easy-to-deploy, reliable, and scalable storage mechanism. While most NoSQL services offer access control mechanisms, their default configurations grant access without any form of authentication, resulting in misconfigurations that may expose data to the Internet, as demonstrated by the recent high-profile data leaks. In this paper, we investigate the usage of the most popular NoSQL databases, focusing on automatically analyzing and discovering misconfigurations that may lead to security and privacy issues. We developed a tool that automatically scans large IP subnets to detect the exposed services and performs security analyses without storing nor exposing sensitive data. We analyzed 67,725,641 IP addresses between October 2019 and March 2020, spread across several Cloud Service Providers (CSPs), and found 12,276 misconfigured databases. The risks associated with exposed services range from data leaking, which may pose a significant menace to users’ privacy, to data tampering of resources stored in the vulnerable databases, which may pose a relevant threat to a web service reputation. Regarding the last point, we found 742 potentially vulnerable websites linked to misconfigured instances with the write permission enabled to anonymous users.","PeriodicalId":175869,"journal":{"name":"Annual Computer Security Applications Conference","volume":"48 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-12-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122475405","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Faulty Point Unit: ABI Poisoning Attacks on Intel SGX","authors":"F. Alder, Jo Van Bulck, David F. Oswald, F. Piessens","doi":"10.1145/3427228.3427270","DOIUrl":"https://doi.org/10.1145/3427228.3427270","url":null,"abstract":"This paper analyzes a previously overlooked attack surface that allows unprivileged adversaries to impact supposedly secure floating-point computations in Intel SGX enclaves through the Application Binary Interface (ABI). In a comprehensive study across 7 widely used industry-standard and research enclave shielding runtimes, we show that control and state registers of the x87 Floating-Point Unit (FPU) and Intel Streaming SIMD Extensions (SSE) are not always properly sanitized on enclave entry. First, we abuse the adversary’s control over precision and rounding modes as a novel “ABI-level fault injection” primitive to silently corrupt enclaved floating-point operations, enabling a new class of stealthy, integrity-only attacks that disturb the result of SGX enclave computations. Our analysis reveals that this threat is especially relevant for applications that use the older x87 FPU, which is still being used under certain conditions for high-precision operations by modern compilers like gcc. We exemplify the potential impact of ABI-level quality-degradation attacks in a case study of an enclaved machine learning service and in a larger analysis on the SPEC benchmark programs. Second, we explore the impact on enclave confidentiality by showing that the adversary’s control over floating-point exception masks can be abused as an innovative controlled channel to detect FPU usage and to recover enclaved multiplication operands in certain scenarios. Our findings, affecting 5 out of the 7 studied runtimes, demonstrate the fallacy and challenges of implementing high-assurance trusted execution environments on contemporary x86 hardware. We responsibly disclosed our findings to the vendors and were assigned two CVEs, leading to patches in the Intel SGX-SDK, Microsoft OpenEnclave, the Rust compiler’s SGX target, and Go-TEE.","PeriodicalId":175869,"journal":{"name":"Annual Computer Security Applications Conference","volume":"39 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-12-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122083572","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"ρFEM: Efficient Backward-edge Protection Using Reversed Forward-edge Mappings","authors":"Paul Muntean, Mathias Neumayer, Zhiqiang Lin, Gang Tan, Jens Grossklags, C. Eckert","doi":"10.1145/3427228.3427246","DOIUrl":"https://doi.org/10.1145/3427228.3427246","url":null,"abstract":"In this paper, we propose reversed forward-edge mapper (ρFEM), a Clang/LLVM compiler-based tool, to protect the backward edges of a program’s control flow graph (CFG) against runtime control-flow hijacking (e.g., code reuse attacks). It protects backward-edge transfers in C/C++ originating from virtual and non-virtual functions by first statically constructing a precise virtual table hierarchy, with which to form a precise forward-edge mapping between callees and non-virtual calltargets based on precise function signatures, and then checks each instrumented callee return against the previously computed set at runtime. We have evaluated ρFEM using the Chrome browser, NodeJS, Nginx, Memcached, and the SPEC CPU2017 benchmark. Our results show that ρFEM enforces less than 2.77 return targets per callee in geomean, even for applications heavily relying on backward edges. ρFEM’s runtime overhead is less than 1% in geomean for the SPEC CPU2017 benchmark and 3.44% in geomean for the Chrome browser.","PeriodicalId":175869,"journal":{"name":"Annual Computer Security Applications Conference","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-12-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129759763","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"FirmAE: Towards Large-Scale Emulation of IoT Firmware for Dynamic Analysis","authors":"Mingeun Kim, Dongkwan Kim, Eunsoo Kim, Suryeon Kim, Yeongjin Jang, Yongdae Kim","doi":"10.1145/3427228.3427294","DOIUrl":"https://doi.org/10.1145/3427228.3427294","url":null,"abstract":"One approach to assess the security of embedded IoT devices is applying dynamic analysis such as fuzz testing to their firmware in scale. To this end, existing approaches aim to provide an emulation environment that mimics the behavior of real hardware/peripherals. Nonetheless, in practice, such approaches can emulate only a small fraction of firmware images. For example, Firmadyne, a state-of-the-art tool, can only run 183 (16.28%) of 1,124 wireless router/IP-camera images that we collected from the top eight manufacturers. Such a low emulation success rate is caused by discrepancy in the real and emulated firmware execution environment. In this study, we analyzed the emulation failure cases in a large-scale dataset to figure out the causes of the low emulation rate. We found that widespread failure cases often avoided by simple heuristics despite having different root causes, significantly increasing the emulation success rate. Based on these findings, we propose a technique, arbitrated emulation, and we systematize several heuristics as arbitration techniques to address these failures. Our automated prototype, FirmAE, successfully ran 892 (79.36%) of 1,124 firmware images, including web servers, which is significantly (≈ 4.8x) more images than that run by Firmadyne. Finally, by applying dynamic testing techniques on the emulated images, FirmAE could check 320 known vulnerabilities (306 more than Firmadyne), and also find 12 new 0-days in 23 devices.","PeriodicalId":175869,"journal":{"name":"Annual Computer Security Applications Conference","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-12-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127708106","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Practical Fine-Grained Binary Code Randomization†","authors":"S. Priyadarshan, Huan Nguyen","doi":"10.1145/3427228.3427292","DOIUrl":"https://doi.org/10.1145/3427228.3427292","url":null,"abstract":"Despite its effectiveness against code reuse attacks, fine-grained code randomization has not been deployed widely due to compatibility as well as performance concerns. Previous techniques often needed source code access to achieve good performance, but this breaks compatibility with today’s binary-based software distribution and update mechanisms. Moreover, previous techniques break C++ exceptions and stack tracing, which are crucial for practical deployment. In this paper, we first propose a new, tunable randomization technique called LLR(k) that is compatible with these features. Since the metadata needed to support exceptions/stack-tracing can reveal considerable information about code layout, we propose a new entropy metric that accounts for leaks of this metadata. We then present a novel metadata reduction technique to significantly increase entropy without degrading exception handling. This enables LLR(k) to achieve strong entropy with a low overhead of 2.26%.","PeriodicalId":175869,"journal":{"name":"Annual Computer Security Applications Conference","volume":"294 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-12-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115133708","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}