2014 IEEE Symposium on Security and Privacy最新文献_第2页

Hidden GEMs: Automated Discovery of Access Control Vulnerabilities in Graphical User Interfaces 隐藏的宝石:自动发现图形用户界面中的访问控制漏洞

2014 IEEE Symposium on Security and Privacy Pub Date : 2014-05-18 DOI: 10.1109/SP.2014.17

Collin Mulliner, William K. Robertson, E. Kirda

{"title":"Hidden GEMs: Automated Discovery of Access Control Vulnerabilities in Graphical User Interfaces","authors":"Collin Mulliner, William K. Robertson, E. Kirda","doi":"10.1109/SP.2014.17","DOIUrl":"https://doi.org/10.1109/SP.2014.17","url":null,"abstract":"Graphical user interfaces (GUIs) are the predominant means by which users interact with modern programs. GUIs contain a number of common visual elements or widgets such as labels, text fields, buttons, and lists, and GUIs typically provide the ability to set attributes on these widgets to control their visibility, enabled status, and whether they are writable. While these attributes are extremely useful to provide visual cues to users to guide them through an application's GUI, they can also be misused for purposes they were not intended. In particular, in the context of GUI-based applications that include multiple privilege levels within the application, GUI element attributes are often misused as a mechanism for enforcing access control policies. In this work, we introduce GEMs, or instances of GUI element misuse, as a novel class of access control vulnerabilities in GUI-based applications. We present a classification of different GEMs that can arise through misuse of widget attributes, and describe a general algorithm for identifying and confirming the presence of GEMs in vulnerable applications. We then present GEM Miner, an implementation of our GEM analysis for the Windows platform. We evaluate GEM Miner over a test set of three complex, real-world GUI-based applications targeted at the small business and enterprise markets, and demonstrate the efficacy of our analysis by finding numerous previously unknown access control vulnerabilities in these applications. We have reported the vulnerabilities we discovered to the developers of each application, and in one case have received confirmation of the issue.","PeriodicalId":196038,"journal":{"name":"2014 IEEE Symposium on Security and Privacy","volume":"39 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-05-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128959301","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 10

From Zygote to Morula: Fortifying Weakened ASLR on Android 从Zygote到Morula:强化Android上的弱化ASLR

2014 IEEE Symposium on Security and Privacy Pub Date : 2014-05-18 DOI: 10.1109/SP.2014.34

Byoungyoung Lee, Long Lu, Tielei Wang, Taesoo Kim, Wenke Lee

{"title":"From Zygote to Morula: Fortifying Weakened ASLR on Android","authors":"Byoungyoung Lee, Long Lu, Tielei Wang, Taesoo Kim, Wenke Lee","doi":"10.1109/SP.2014.34","DOIUrl":"https://doi.org/10.1109/SP.2014.34","url":null,"abstract":"There have been many research efforts to secure Android applications and the high-level system mechanisms. The low-level operating system designs have been overlooked partially due to the belief that security issues at this level are similar to those on Linux, which are well-studied. However, we identify that certain Android modifications are at odds with security and result in serious vulnerabilities that need to be addressed immediately. In this paper, we analyze the Zygote process creation model, an Android operating system design for speeding up application launches. Zygote weakens Address Space Layout Randomization (ASLR) because all application processes are created with largely identical memory layouts. We design both remote and local attacks capable of bypassing the weakened ASLR and executing return-oriented programming on Android. We demonstrate the attacks using real applications, such as the Chrome Browser and VLC Media Player. Further, we design and implement Morula, a secure replacement for Zygote. Morula introduces a small amount of code to the Android operating system and can be easily adopted by device vendors. Our evaluation shows that, compared to Zygote, Morula incurs a 13 MB memory increase for each running application but allows each Android process to have an individually randomized memory layout and even a slightly shorter average launch time.","PeriodicalId":196038,"journal":{"name":"2014 IEEE Symposium on Security and Privacy","volume":"154 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-05-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114466030","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 53

Hunting the Red Fox Online: Understanding and Detection of Mass Redirect-Script Injections 在线狩猎红狐:理解和检测大规模重定向脚本注入

2014 IEEE Symposium on Security and Privacy Pub Date : 2014-05-18 DOI: 10.1109/SP.2014.8

Zhou Li, Sumayah A. Alrwais, Xiaofeng Wang, Eihal Alowaisheq

{"title":"Hunting the Red Fox Online: Understanding and Detection of Mass Redirect-Script Injections","authors":"Zhou Li, Sumayah A. Alrwais, Xiaofeng Wang, Eihal Alowaisheq","doi":"10.1109/SP.2014.8","DOIUrl":"https://doi.org/10.1109/SP.2014.8","url":null,"abstract":"Compromised websites that redirect web traffic to malicious hosts play a critical role in organized web crimes, serving as doorways to all kinds of malicious web activities (e.g., drive-by downloads, phishing etc.). They are also among the most elusive components of a malicious web infrastructure and extremely difficult to hunt down, due to the simplicity of redirect operations, which also happen on legitimate sites, and extensive use of cloaking techniques. Making the detection even more challenging is the recent trend of injecting redirect scripts into JavaScript (JS) files, as those files are not indexed by search engines and their infections are therefore more difficult to catch. In our research, we look at the problem from a unique angle: the adversary's strategy and constraints for deploying redirect scripts quickly and stealthily. Specifically, we found that such scripts are often blindly injected into both JS and HTML files for a rapid deployment, changes to the infected JS files are often made minimum to evade detection and also many JS files are actually JS libraries (JS-libs) whose uninfected versions are publicly available. Based upon those observations, we developed JsRED, a new technique for the automatic detection of unknown redirect-script injections. Our approach analyzes the difference between a suspicious JS-lib file and its clean counterpart to identify malicious redirect scripts and further searches for similar scripts in other JS and HTML files. This simple, lightweight approach is found to work effectively against redirect injection campaigns: our evaluation shows that JsRED captured most of compromised websites with almost no false positives, significantly outperforming a commercial detection service in terms of finding unknown JS infections. Based upon the compromised websites reported by JsRED, we further conducted a measurement study that reveals interesting features of redirect payloads and a new Peer-to-Peer network the adversary constructed to evade detection.","PeriodicalId":196038,"journal":{"name":"2014 IEEE Symposium on Security and Privacy","volume":"136 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-05-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124652300","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 39

Blind Seer: A Scalable Private DBMS 盲视者:一个可扩展的私有DBMS

2014 IEEE Symposium on Security and Privacy Pub Date : 2014-05-18 DOI: 10.1109/SP.2014.30

Vasilis Pappas, Fernando Krell, B. Vo, V. Kolesnikov, T. Malkin, Seung Geol Choi, Wesley George, A. Keromytis, S. Bellovin

{"title":"Blind Seer: A Scalable Private DBMS","authors":"Vasilis Pappas, Fernando Krell, B. Vo, V. Kolesnikov, T. Malkin, Seung Geol Choi, Wesley George, A. Keromytis, S. Bellovin","doi":"10.1109/SP.2014.30","DOIUrl":"https://doi.org/10.1109/SP.2014.30","url":null,"abstract":"Query privacy in secure DBMS is an important feature, although rarely formally considered outside the theoretical community. Because of the high overheads of guaranteeing privacy in complex queries, almost all previous works addressing practical applications consider limited queries (e.g., just keyword search), or provide a weak guarantee of privacy. In this work, we address a major open problem in private DB: efficient sub linear search for arbitrary Boolean queries. We consider scalable DBMS with provable security for all parties, including protection of the data from both server (who stores encrypted data) and client (who searches it), as well as protection of the query, and access control for the query. We design, build, and evaluate the performance of a rich DBMS system, suitable for real-world deployment on today medium-to large-scale DBs. On a modern server, we are able to query a formula over 10TB, 100M-record DB, with 70 searchable index terms per DB row, in time comparable to (insecure) MySQL (many practical queries can be privately executed with work 1.2-3 times slower than MySQL, although some queries are costlier). We support a rich query set, including searching on arbitrary boolean formulas on keywords and ranges, support for stemming, and free keyword searches over text fields. We identify and permit a reasonable and controlled amount of leakage, proving that no further leakage is possible. In particular, we allow leakage of some search pattern information, but protect the query and data, provide a high level of privacy for individual terms in the executed search formula, and hide the difference between a query that returned no results and a query that returned a very small result set. We also support private and complex access policies, integrated in the search process so that a query with empty result set and a query that fails the policy are hard to tell apart.","PeriodicalId":196038,"journal":{"name":"2014 IEEE Symposium on Security and Privacy","volume":"183 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-05-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134158886","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 259

Automating Isolation and Least Privilege in Web Services 在Web服务中自动化隔离和最小权限

2014 IEEE Symposium on Security and Privacy Pub Date : 2014-05-18 DOI: 10.1109/SP.2014.16

Aaron Blankstein, M. Freedman

{"title":"Automating Isolation and Least Privilege in Web Services","authors":"Aaron Blankstein, M. Freedman","doi":"10.1109/SP.2014.16","DOIUrl":"https://doi.org/10.1109/SP.2014.16","url":null,"abstract":"In many client-facing applications, a vulnerability in any part can compromise the entire application. This paper describes the design and implementation of Passe, a system that protects a data store from unintended data leaks and unauthorized writes even in the face of application compromise. Passe automatically splits (previously shared-memory-space) applications into sandboxed processes. Passe limits communication between those components and the types of accesses each component can make to shared storage, such as a backend database. In order to limit components to their least privilege, Passe uses dynamic analysis on developer-supplied end-to-end test cases to learn data and control-flow relationships between database queries and previous query results, and it then strongly enforces those relationships. Our prototype of Passe acts as a drop-in replacement for the Django web framework. By running eleven unmodified, off-the-shelf applications in Passe, we demonstrate its ability to provide strong security guarantees-Passe correctly enforced 96% of the applications' policies-with little additional overhead. Additionally, in the web-specific setting of the prototype, we also mitigate the cross-component effects of cross-site scripting (XSS) attacks by combining browser HTML5 sandboxing techniques with our automatic component separation.","PeriodicalId":196038,"journal":{"name":"2014 IEEE Symposium on Security and Privacy","volume":"39 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-05-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133967994","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 28

Analyzing Forged SSL Certificates in the Wild 分析野外伪造SSL证书

2014 IEEE Symposium on Security and Privacy Pub Date : 2014-05-18 DOI: 10.1109/SP.2014.13

Lin-Shung Huang, Alex Rice, Erling Ellingsen, Collin Jackson

引用次数: 155

When HTTPS Meets CDN: A Case of Authentication in Delegated Service 当HTTPS遇到CDN:委托服务中的身份验证案例

2014 IEEE Symposium on Security and Privacy Pub Date : 2014-05-18 DOI: 10.1109/SP.2014.12

Jinjin Liang, Jian Jiang, Haixin Duan, Kang Li, Tao Wan, Jianping Wu

{"title":"When HTTPS Meets CDN: A Case of Authentication in Delegated Service","authors":"Jinjin Liang, Jian Jiang, Haixin Duan, Kang Li, Tao Wan, Jianping Wu","doi":"10.1109/SP.2014.12","DOIUrl":"https://doi.org/10.1109/SP.2014.12","url":null,"abstract":"Content Delivery Network (CDN) and Hypertext Transfer Protocol Secure (HTTPS) are two popular but independent web technologies, each of which has been well studied individually and independently. This paper provides a systematic study on how these two work together. We examined 20 popular CDN providers and 10,721 of their customer web sites using HTTPS. Our study reveals various problems with the current HTTPS practice adopted by CDN providers, such as widespread use of invalid certificates, private key sharing, neglected revocation of stale certificates, and insecure back-end communication. While some of those problems are operational issues only, others are rooted in the fundamental semantic conflict between the end-to-end nature of HTTPS and the man-in-the-middle nature of CDN involving multiple parties in a delegated service. To address the delegation problem when HTTPS meets CDN, we proposed and implemented a lightweight solution based on DANE (DNS-based Authentication of Named Entities), an emerging IETF protocol complementing the current Web PKI model. Our implementation demonstrates that it is feasible for HTTPS to work with CDN securely and efficiently. This paper intends to provide a context for future discussion within security and CDN community on more preferable solutions.","PeriodicalId":196038,"journal":{"name":"2014 IEEE Symposium on Security and Privacy","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-05-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129462338","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 108

Dynamic Searchable Encryption via Blind Storage 动态可搜索加密通过盲存储

2014 IEEE Symposium on Security and Privacy Pub Date : 2014-05-18 DOI: 10.1109/SP.2014.47

Muhammad Naveed, M. Prabhakaran, Carl A. Gunter

{"title":"Dynamic Searchable Encryption via Blind Storage","authors":"Muhammad Naveed, M. Prabhakaran, Carl A. Gunter","doi":"10.1109/SP.2014.47","DOIUrl":"https://doi.org/10.1109/SP.2014.47","url":null,"abstract":"Dynamic Searchable Symmetric Encryption allows a client to store a dynamic collection of encrypted documents with a server, and later quickly carry out keyword searches on these encrypted documents, while revealing minimal information to the server. In this paper we present a new dynamic SSE scheme that is simpler and more efficient than existing schemes while revealing less information to the server than prior schemes, achieving fully adaptive security against honest-but-curious servers. We implemented a prototype of our scheme and demonstrated its efficiency on datasets from prior work. Apart from its concrete efficiency, our scheme is also simpler: in particular, it does not require the server to support any operation other than upload and download of data. Thus the server in our scheme can be based solely on a cloud storage service, rather than a cloud computation service as well, as in prior work. In building our dynamic SSE scheme, we introduce a new primitive called Blind Storage, which allows a client to store a set of files on a remote server in such a way that the server does not learn how many files are stored, or the lengths of the individual files, as each file is retrieved, the server learns about its existence (and can notice the same file being downloaded subsequently), but the file's name and contents are not revealed. This is a primitive with several applications other than SSE, and is of independent interest.","PeriodicalId":196038,"journal":{"name":"2014 IEEE Symposium on Security and Privacy","volume":"46 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-05-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"120975230","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 304

Zerocash: Decentralized Anonymous Payments from Bitcoin Zerocash:比特币的去中心化匿名支付

2014 IEEE Symposium on Security and Privacy Pub Date : 2014-05-18 DOI: 10.1109/SP.2014.36

Eli Ben-Sasson, A. Chiesa, Christina Garman, M. Green, Ian Miers, Eran Tromer, M. Virza

{"title":"Zerocash: Decentralized Anonymous Payments from Bitcoin","authors":"Eli Ben-Sasson, A. Chiesa, Christina Garman, M. Green, Ian Miers, Eran Tromer, M. Virza","doi":"10.1109/SP.2014.36","DOIUrl":"https://doi.org/10.1109/SP.2014.36","url":null,"abstract":"Bit coin is the first digital currency to see widespread adoption. While payments are conducted between pseudonyms, Bit coin cannot offer strong privacy guarantees: payment transactions are recorded in a public decentralized ledger, from which much information can be deduced. Zero coin (Miers et al., IEEE S&P 2013) tackles some of these privacy issues by unlinking transactions from the payment's origin. Yet, it still reveals payments' destinations and amounts, and is limited in functionality. In this paper, we construct a full-fledged ledger-based digital currency with strong privacy guarantees. Our results leverage recent advances in zero-knowledge Succinct Non-interactive Arguments of Knowledge (zk-SNARKs). First, we formulate and construct decentralized anonymous payment schemes (DAP schemes). A DAP scheme enables users to directly pay each other privately: the corresponding transaction hides the payment's origin, destination, and transferred amount. We provide formal definitions and proofs of the construction's security. Second, we build Zero cash, a practical instantiation of our DAP scheme construction. In Zero cash, transactions are less than 1 kB and take under 6 ms to verify - orders of magnitude more efficient than the less-anonymous Zero coin and competitive with plain Bit coin.","PeriodicalId":196038,"journal":{"name":"2014 IEEE Symposium on Security and Privacy","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-05-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130917240","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 1619

SoK: Introspections on Trust and the Semantic Gap 信任与语义差距的内省

2014 IEEE Symposium on Security and Privacy Pub Date : 2014-05-18 DOI: 10.1109/SP.2014.45

Bhushan Jain, Mirza Basim Baig, Dongli Zhang, Donald E. Porter, R. Sion

{"title":"SoK: Introspections on Trust and the Semantic Gap","authors":"Bhushan Jain, Mirza Basim Baig, Dongli Zhang, Donald E. Porter, R. Sion","doi":"10.1109/SP.2014.45","DOIUrl":"https://doi.org/10.1109/SP.2014.45","url":null,"abstract":"An essential goal of Virtual Machine Introspection (VMI) is assuring security policy enforcement and overall functionality in the presence of an untrustworthy OS. A fundamental obstacle to this goal is the difficulty in accurately extracting semantic meaning from the hypervisor's hardware level view of a guest OS, called the semantic gap. Over the twelve years since the semantic gap was identified, immense progress has been made in developing powerful VMI tools. Unfortunately, much of this progress has been made at the cost of reintroducing trust into the guest OS, often in direct contradiction to the underlying threat model motivating the introspection. Although this choice is reasonable in some contexts and has facilitated progress, the ultimate goal of reducing the trusted computing base of software systems is best served by a fresh look at the VMI design space. This paper organizes previous work based on the essential design considerations when building a VMI system, and then explains how these design choices dictate the trust model and security properties of the overall system. The paper then observes portions of the VMI design space which have been under-explored, as well as potential adaptations of existing techniques to bridge the semantic gap without trusting the guest OS. Overall, this paper aims to create an essential checkpoint in the broader quest for meaningful trust in virtualized environments through VM introspection.","PeriodicalId":196038,"journal":{"name":"2014 IEEE Symposium on Security and Privacy","volume":"63 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-05-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129434986","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 105