发布求助
文献互助 智能选刊 最新文献

Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security最新文献

筛选
英文 中文
Capturing Malware Propagations with Code Injections and Code-Reuse Attacks 通过代码注入和代码重用攻击捕获恶意软件传播
Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security Pub Date : 2017-10-30 DOI: 10.1145/3133956.3134099
D. Korczynski, Heng Yin
{"title":"Capturing Malware Propagations with Code Injections and Code-Reuse Attacks","authors":"D. Korczynski, Heng Yin","doi":"10.1145/3133956.3134099","DOIUrl":"https://doi.org/10.1145/3133956.3134099","url":null,"abstract":"Defending against malware involves analysing large amounts of suspicious samples. To deal with such quantities we rely heavily on automatic approaches to determine whether a sample is malicious or not. Unfortunately, complete and precise automatic analysis of malware is far from an easy task. This is because malware is often designed to contain several techniques and countermeasures specifically to hinder analysis. One of these techniques is for the malware to propagate through the operating system so as to execute in the context of benign processes. The malware does this by writing memory to a given process and then proceeds to have this memory execute. In some cases these propagations are trivial to capture because they rely on well-known techniques. However, in the cases where malware deploys novel code injection techniques, rely on code-reuse attacks and potentially deploy dynamically generated code, the problem of capturing a complete and precise view of the malware execution is non-trivial. In this paper we present a unified approach to tracing malware propagations inside the host in the context of code injections and code-reuse attacks. We also present, to the knowledge of the authors, the first approach to identifying dynamically generated code based on information-flow analysis. We implement our techniques in a system called Tartarus and match Tartarus with both synthetic applications and real-world malware. We compare Tartarus to previous works and show that our techniques substantially improve the precision for collecting malware execution traces, and that our approach can capture intrinsic characteristics of novel code injection techniques.","PeriodicalId":191367,"journal":{"name":"Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security","volume":"33 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-10-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132410434","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 33
Security and Machine Learning 安全和机器学习
Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security Pub Date : 2017-10-30 DOI: 10.1145/3133956.3134108
D. Wagner
{"title":"Security and Machine Learning","authors":"D. Wagner","doi":"10.1145/3133956.3134108","DOIUrl":"https://doi.org/10.1145/3133956.3134108","url":null,"abstract":"Machine learning has seen increasing use for a wide range of practical applications. What are the security implications of relying upon machine learning in these settings? Recent research suggests that modern machine learning methods are fragile and easily attacked, which raises concerns about their use in security-critical settings. This talk will explore several attacks on machine learning and survey directions for making machine learning more robust against attack.","PeriodicalId":191367,"journal":{"name":"Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security","volume":"4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-10-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128860244","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
CCSW'17: 2017 ACM Cloud Computing Security 2017 ACM云计算安全
Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security Pub Date : 2017-10-30 DOI: 10.1145/3133956.3137050
Ghassan O. Karame, A. Stavrou
{"title":"CCSW'17: 2017 ACM Cloud Computing Security","authors":"Ghassan O. Karame, A. Stavrou","doi":"10.1145/3133956.3137050","DOIUrl":"https://doi.org/10.1145/3133956.3137050","url":null,"abstract":"The use and prevalence of cloud and large-scale computing infrastructures is increasing. They are projected to be a dominant trend in computing for the foreseeable future: major cloud operators are now estimated to house millions of machines each and to host substantial (and growing) fractions of corporate and government IT and web infrastructure. CCSW is a forum for bringing together researchers and practitioners to discuss the challenges and implications of current and future trends to the security of cloud operators, tenants, and the larger Internet community. Of special interest are the security challenges from the integration of cloud infrastructures with IoT and mobile application deployments. CCSW welcomes submissions on new threats, countermeasures, and opportunities brought about by the move to cloud computing, with a preference for unconventional approaches, as well as measurement studies and case studies that shed light on the security implications of cloud infrastructure and use cases.","PeriodicalId":191367,"journal":{"name":"Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-10-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125427801","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
DEMO: Akatosh: Automated Cyber Incident Verification and Impact Analysis 演示:Akatosh:自动网络事件验证和影响分析
Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security Pub Date : 2017-10-30 DOI: 10.1145/3133956.3138854
Jared M. Smith, Elliot Greenlee, Aaron Ferber
{"title":"DEMO: Akatosh: Automated Cyber Incident Verification and Impact Analysis","authors":"Jared M. Smith, Elliot Greenlee, Aaron Ferber","doi":"10.1145/3133956.3138854","DOIUrl":"https://doi.org/10.1145/3133956.3138854","url":null,"abstract":"Akatosh, a U.S. Department of Homeland Security Transition to Practice Program (TTP) project developed by Oak Ridge National Laboratory with industry and academic partnership, enables automated, real-time forensic analysis of endpoints after malware-attacks and other cyber security incidents by automatically maintaining detailed snapshots of host-level activity on endpoints over time. It achieves this by integrating intrusion detection systems (IDS) with forensic tools. The combination allows Akatosh to collect vast amounts of endpoint data and assists in verifying, tracking, and analyzing endpoints in real time. This provides operations personnel and analysts as well as managers and executives with continuous feedback on the impact of malicious software and other security incidents on endpoints in their network.","PeriodicalId":191367,"journal":{"name":"Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security","volume":"29 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-10-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123468608","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
A Fast and Verified Software Stack for Secure Function Evaluation 一种快速且经过验证的安全功能评估软件栈
Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security Pub Date : 2017-10-30 DOI: 10.1145/3133956.3134017
J. Almeida, M. Barbosa, G. Barthe, François Dupressoir, B. Grégoire, Vincent Laporte, Vitor Pereira
{"title":"A Fast and Verified Software Stack for Secure Function Evaluation","authors":"J. Almeida, M. Barbosa, G. Barthe, François Dupressoir, B. Grégoire, Vincent Laporte, Vitor Pereira","doi":"10.1145/3133956.3134017","DOIUrl":"https://doi.org/10.1145/3133956.3134017","url":null,"abstract":"We present a high-assurance software stack for secure function evaluation (SFE). Our stack consists of three components: i. a verified compiler (CircGen) that translates C programs into Boolean circuits; ii. a verified implementation of Yao's SFE protocol based on garbled circuits and oblivious transfer; and iii. transparent application integration and communications via FRESCO, an open-source framework for secure multiparty computation (MPC). CircGen is a general purpose tool that builds on CompCert, a verified optimizing compiler for C. It can be used in arbitrary Boolean circuit-based cryptography deployments. The security of our SFE protocol implementation is formally verified using EasyCrypt, a tool-assisted framework for building high-confidence cryptographic proofs, and it leverages a new formalization of garbled circuits based on the framework of Bellare, Hoang, and Rogaway (CCS 2012). We conduct a practical evaluation of our approach, and conclude that it is competitive with state-of-the-art (unverified) approaches. Our work provides concrete evidence of the feasibility of building efficient, verified, implementations of higher-level cryptographic systems. All our development is publicly available.","PeriodicalId":191367,"journal":{"name":"Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security","volume":"632 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-10-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122948081","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 29
Scaling ORAM for Secure Computation 为安全计算扩展ORAM
Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security Pub Date : 2017-10-30 DOI: 10.1145/3133956.3133967
Jack Doerner, Abhi Shelat
{"title":"Scaling ORAM for Secure Computation","authors":"Jack Doerner, Abhi Shelat","doi":"10.1145/3133956.3133967","DOIUrl":"https://doi.org/10.1145/3133956.3133967","url":null,"abstract":"We design and implement a Distributed Oblivious Random Access Memory (DORAM) data structure that is optimized for use in two-party secure computation protocols. We improve upon the access time of previous constructions by a factor of up to ten, their memory overhead by a factor of one hundred or more, and their initialization time by a factor of thousands. We are able to instantiate ORAMs that hold 234 bytes, and perform operations on them in seconds, which was not previously feasible with any implemented scheme. Unlike prior ORAM constructions based on hierarchical hashing, permutation, or trees, our Distributed ORAM is derived from the new Function Secret Sharing scheme introduced by Boyle, Gilboa and Ishai. This significantly reduces the amount of secure computation required to implement an ORAM access, albeit at the cost of O(n) efficient local memory operations. We implement our construction and find that, despite its poor O(n) asymptotic complexity, it still outperforms the fastest previously known constructions, Circuit ORAM and Square-root ORAM, for datasets that are 32 KiB or larger, and outperforms prior work on applications such as stable matching or binary search by factors of two to ten.","PeriodicalId":191367,"journal":{"name":"Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security","volume":"7 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-10-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122299771","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 155
Certified Verification of Algebraic Properties on Low-Level Mathematical Constructs in Cryptographic Programs 密码程序中低级数学结构代数性质的认证验证
Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security Pub Date : 2017-10-30 DOI: 10.1145/3133956.3134076
M. Tsai, Bow-Yaw Wang, Bo-Yin Yang
{"title":"Certified Verification of Algebraic Properties on Low-Level Mathematical Constructs in Cryptographic Programs","authors":"M. Tsai, Bow-Yaw Wang, Bo-Yin Yang","doi":"10.1145/3133956.3134076","DOIUrl":"https://doi.org/10.1145/3133956.3134076","url":null,"abstract":"Mathematical constructs are necessary for computation on the underlying algebraic structures of cryptosystems. They are often written in assembly language and optimized manually for efficiency. We develop a certified technique to verify low-level mathematical constructs in X25519, the default elliptic curve Diffie-Hellman key exchange protocol used in OpenSSH. Our technique translates an algebraic specification of mathematical constructs into an algebraic problem. The algebraic problem in turn is solved by the computer algebra system Singular. The proof assistant Coq certifies the translation and solution to algebraic problems. Specifications about output ranges and potential program overflows are translated to SMT problems and verified by SMT solvers. We report our case studies on verifying arithmetic computation over a large finite field and the Montgomery Ladderstep, a crucial loop in X25519.","PeriodicalId":191367,"journal":{"name":"Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security","volume":"175 ","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-10-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114099055","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 14
CCS'17 Tutorial Abstract / SGX Security and Privacy CCS'17教程摘要/ SGX安全和隐私
Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security Pub Date : 2017-10-30 DOI: 10.1145/3133956.3136068
Taesoo Kim, Zhiqiang Lin, Chia-che Tsai
{"title":"CCS'17 Tutorial Abstract / SGX Security and Privacy","authors":"Taesoo Kim, Zhiqiang Lin, Chia-che Tsai","doi":"10.1145/3133956.3136068","DOIUrl":"https://doi.org/10.1145/3133956.3136068","url":null,"abstract":"In this tutorial, we will first introduce the basic concepts of Intel SGX, its development workflows, potential applications and performance characteristics. Then, we will explain known security concerns, including cache/branch side-channel attacks and memory safety issues, and corresponding defenses with various working demos. Last but not least, we will introduce various ways to quickly start writing SGX applications, especially by utilizing library OSes or thin shielding layers; we will explain the pros and cons of each approach in terms of security and usability.","PeriodicalId":191367,"journal":{"name":"Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security","volume":"137 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-10-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121393488","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
VibWrite: Towards Finger-input Authentication on Ubiquitous Surfaces via Physical Vibration VibWrite:通过物理振动在无处不在的表面上实现手指输入认证
Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security Pub Date : 2017-10-30 DOI: 10.1145/3133956.3133964
Jian Liu, Chen Wang, Yingying Chen, Nitesh Saxena
{"title":"VibWrite: Towards Finger-input Authentication on Ubiquitous Surfaces via Physical Vibration","authors":"Jian Liu, Chen Wang, Yingying Chen, Nitesh Saxena","doi":"10.1145/3133956.3133964","DOIUrl":"https://doi.org/10.1145/3133956.3133964","url":null,"abstract":"The goal of this work is to enable user authentication via finger inputs on ubiquitous surfaces leveraging low-cost physical vibration. We propose VibWrite that extends finger-input authentication beyond touch screens to any solid surface for smart access systems (e.g., access to apartments, vehicles or smart appliances). It integrates passcode, behavioral and physiological characteristics, and surface dependency together to provide a low-cost, tangible and enhanced security solution. VibWrite builds upon a touch sensing technique with vibration signals that can operate on surfaces constructed from a broad range of materials. It is significantly different from traditional password-based approaches, which only authenticate the password itself rather than the legitimate user, and the behavioral biometrics-based solutions, which usually involve specific or expensive hardware (e.g., touch screen or fingerprint reader), incurring privacy concerns and suffering from smudge attacks. VibWrite is based on new algorithms to discriminate fine-grained finger inputs and supports three independent passcode secrets including PIN number, lock pattern, and simple gestures by extracting unique features in the frequency domain to capture both behavioral and physiological characteristics such as contacting area, touching force, and etc. VibWrite is implemented using a single pair of low-cost vibration motor and receiver that can be easily attached to any surface (e.g., a door panel, a desk or an appliance). Our extensive experiments demonstrate that VibWrite can authenticate users with high accuracy (e.g., over 95% within two trials), low false positive rate (e.g., less 3%) and is robust to various types of attacks.","PeriodicalId":191367,"journal":{"name":"Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security","volume":"7 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-10-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132533130","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 82
RAIN: Refinable Attack Investigation with On-demand Inter-Process Information Flow Tracking RAIN:基于按需进程间信息流跟踪的可细化攻击调查
Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security Pub Date : 2017-10-30 DOI: 10.1145/3133956.3134045
Yang Ji, Sangho Lee, Evan Downing, Weiren Wang, M. Fazzini, Taesoo Kim, A. Orso, Wenke Lee
{"title":"RAIN: Refinable Attack Investigation with On-demand Inter-Process Information Flow Tracking","authors":"Yang Ji, Sangho Lee, Evan Downing, Weiren Wang, M. Fazzini, Taesoo Kim, A. Orso, Wenke Lee","doi":"10.1145/3133956.3134045","DOIUrl":"https://doi.org/10.1145/3133956.3134045","url":null,"abstract":"As modern attacks become more stealthy and persistent, detecting or preventing them at their early stages becomes virtually impossible. Instead, an attack investigation or provenance system aims to continuously monitor and log interesting system events with minimal overhead. Later, if the system observes any anomalous behavior, it analyzes the log to identify who initiated the attack and which resources were affected by the attack and then assess and recover from any damage incurred. However, because of a fundamental tradeoff between log granularity and system performance, existing systems typically record system-call events without detailed program-level activities (e.g., memory operation) required for accurately reconstructing attack causality or demand that every monitored program be instrumented to provide program-level information. To address this issue, we propose RAIN, a Refinable Attack INvestigation system based on a record-replay technology that records system-call events during runtime and performs instruction-level dynamic information flow tracking (DIFT) during on-demand process replay. Instead of replaying every process with DIFT, RAIN conducts system-call-level reachability analysis to filter out unrelated processes and to minimize the number of processes to be replayed, making inter-process DIFT feasible. Evaluation results show that RAIN effectively prunes out unrelated processes and determines attack causality with negligible false positive rates. In addition, the runtime overhead of RAIN is similar to existing system-call level provenance systems and its analysis overhead is much smaller than full-system DIFT.","PeriodicalId":191367,"journal":{"name":"Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security","volume":"34 7","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-10-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133622841","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 95
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信