Proceedings 2019 Network and Distributed System Security Symposium最新文献

{"title":"Network and System Security: 17th International Conference, NSS 2023, Canterbury, UK, August 14–16, 2023, Proceedings","authors":"","doi":"10.1007/978-3-031-39828-5","DOIUrl":"https://doi.org/10.1007/978-3-031-39828-5","url":null,"abstract":"","PeriodicalId":20444,"journal":{"name":"Proceedings 2019 Network and Distributed System Security Symposium","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2023-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"81658313","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Network and System Security: 16th International Conference, NSS 2022, Denarau Island, Fiji, December 9–12, 2022, Proceedings","authors":"","doi":"10.1007/978-3-031-23020-2","DOIUrl":"https://doi.org/10.1007/978-3-031-23020-2","url":null,"abstract":"","PeriodicalId":20444,"journal":{"name":"Proceedings 2019 Network and Distributed System Security Symposium","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"82273301","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Network and System Security: 15th International Conference, NSS 2021, Tianjin, China, October 23, 2021, Proceedings","authors":"","doi":"10.1007/978-3-030-92708-0","DOIUrl":"https://doi.org/10.1007/978-3-030-92708-0","url":null,"abstract":"","PeriodicalId":20444,"journal":{"name":"Proceedings 2019 Network and Distributed System Security Symposium","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2021-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"90196936","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Network and System Security: 14th International Conference, NSS 2020, Melbourne, VIC, Australia, November 25–27, 2020, Proceedings","authors":"Kutyłowski, Jun Zhang, Chao Chen","doi":"10.1007/978-3-030-65745-1","DOIUrl":"https://doi.org/10.1007/978-3-030-65745-1","url":null,"abstract":"","PeriodicalId":20444,"journal":{"name":"Proceedings 2019 Network and Distributed System Security Symposium","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2020-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"86333389","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Neuro-Symbolic Execution: Augmenting Symbolic Execution with Neural Constraints","authors":"Shiqi Shen, Shweta Shinde, Soundarya Ramesh, Abhik Roychoudhury, P. Saxena","doi":"10.14722/ndss.2019.23530","DOIUrl":"https://doi.org/10.14722/ndss.2019.23530","url":null,"abstract":"Symbolic execution is a powerful technique for program analysis. However, it has many limitations in practical applicability: the path explosion problem encumbers scalability, the need for language-specific implementation, the inability to handle complex dependencies, and the limited expressiveness of theories supported by underlying satisfiability checkers. Often, relationships between variables of interest are not expressible directly as purely symbolic constraints. To this end, we present a new approach—neuro-symbolic execution—which learns an approximation of the relationship between program values of interest, as a neural network. We develop a procedure for checking satisfiability of mixed constraints, involving both symbolic expressions and neural representations. We implement our new approach in a tool called NEUEX as an extension of KLEE, a state-of-the-art dynamic symbolic execution engine. NEUEX finds 33 exploits in a benchmark of 7 programs within 12 hours. This is an improvement in the bug finding efficacy of 94% over vanilla KLEE. We show that this new approach drives execution down difficult paths on which KLEE and other DSE extensions get stuck, eliminating limitations of purely SMT-based techniques.","PeriodicalId":20444,"journal":{"name":"Proceedings 2019 Network and Distributed System Security Symposium","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2019-07-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"78204980","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"DroidCap: OS Support for Capability-based Permissions in Android","authors":"A. Dawoud, Sven Bugiel","doi":"10.14722/ndss.2019.23398","DOIUrl":"https://doi.org/10.14722/ndss.2019.23398","url":null,"abstract":"We present DroidCap, a retrofitting of Android’s central Binder IPC mechanism to change the way how permissions are being represented and managed in the system. In DroidCap, permissions are per-process Binder object capabilities. DroidCap's design removes Android’s UID-based ambient authority and allows the delegation of capabilities between processes to create least-privileged protection domains efficiently. With DroidCap, we show that object capabilities as underlying access control model integrates naturally and backward-compatible into Android’s stock permission model and application management. Thus, our Binder capabilities provide app developers with a new path to gradually adopting app compartmentalization, which we showcase at two favorite examples from the literature, privilege separated advertisement libraries and least privileged app components.","PeriodicalId":20444,"journal":{"name":"Proceedings 2019 Network and Distributed System Security Symposium","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2019-02-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"74924104","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"MBeacon: Privacy-Preserving Beacons for DNA Methylation Data","authors":"Inken Hagestedt, Yang Zhang, Mathias Humbert, Pascal Berrang, Haixu Tang, Xiaofeng Wang, M. Backes","doi":"10.14722/ndss.2019.23064","DOIUrl":"https://doi.org/10.14722/ndss.2019.23064","url":null,"abstract":"The advancement of molecular profiling techniques \u0000fuels biomedical research with a deluge of data. To facilitate \u0000data sharing, the Global Alliance for Genomics and Health \u0000established the Beacon system, a search engine designed to help \u0000researchers find datasets of interest. While the current Beacon \u0000system only supports genomic data, other types of biomedical \u0000data, such as DNA methylation, are also essential for advancing \u0000our understanding in the field. In this paper, we propose the first \u0000Beacon system for DNA methylation data sharing: MBeacon. As \u0000the current genomic Beacon is vulnerable to privacy attacks, such \u0000as membership inference, and DNA methylation data is highly \u0000sensitive, we take a privacy-by-design approach to construct \u0000MBeacon. \u0000First, we demonstrate the privacy threat, by proposing a \u0000membership inference attack tailored specifically to unprotected \u0000methylation Beacons. Our experimental results show that 100 \u0000queries are sufficient to achieve a successful attack with AUC \u0000(area under the ROC curve) above 0.9. To remedy this situation, \u0000we propose a novel differential privacy mechanism, namely SVT2 \u0000, \u0000which is the core component of MBeacon. Extensive experiments \u0000over multiple datasets show that SVT2 \u0000can successfully mitigate \u0000membership privacy risks without significantly harming utility. \u0000We further implement a fully functional prototype of MBeacon \u0000which we make available to the research community","PeriodicalId":20444,"journal":{"name":"Proceedings 2019 Network and Distributed System Security Symposium","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2019-02-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"78829063","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"JavaScript Template Attacks: Automatically Inferring Host Information for Targeted Exploits","authors":"Michael Schwarz, F. Lackner, D. Gruss","doi":"10.14722/ndss.2019.23155","DOIUrl":"https://doi.org/10.14722/ndss.2019.23155","url":null,"abstract":"Today, more and more web browsers and extensions provide anonymity features to hide user details. Primarily used to evade tracking by websites and advertisements, these features are also used by criminals to prevent identification. Thus, not only tracking companies but also law-enforcement agencies have an interest in finding flaws which break these anonymity features. For instance, for targeted exploitation using zero days, it is essential to have as much information about the target as possible. A failed exploitation attempt, e.g., due to a wrongly guessed operating system, can burn the zero-day, effectively costing the attacker money. Also for side-channel attacks, it is of the utmost importance to know certain aspects of the victim’s hardware configuration, e.g., the instruction-set architecture. Moreover, knowledge about specific environmental properties, such as the operating system, allows crafting more plausible dialogues for phishing attacks. In this paper, we present a fully automated approach to find subtle differences in browser engines caused by the environment. Furthermore, we present two new side-channel attacks on browser engines to detect the instruction-set architecture and the used memory allocator. Using these differences, we can deduce information about the system, both about the software as well as the hardware. As a result, we cannot only ease the creation of fingerprints, but we gain the advantage of having a more precise picture for targeted exploitation. Our approach allows automating the cumbersome manual search for such differences. We collect all data available to the JavaScript engine and build templates from these properties. If a property of such a template stays the same on one system but differs on a different system, we found an environment-dependent property. We found environment-dependent properties in Firefox, Chrome, Edge, and mobile Tor, allowing us to reveal the underlying operating system, CPU architecture, used privacy-enhancing plugins, as well as exact browser version. We stress that our method should be used in the development of browsers and privacy extensions to automatically find flaws in the implementation.","PeriodicalId":20444,"journal":{"name":"Proceedings 2019 Network and Distributed System Security Symposium","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2019-02-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"91547241","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Nearby Threats: Reversing, Analyzing, and Attacking Google's 'Nearby Connections' on Android","authors":"D. Antonioli, Nils Ole Tippenhauer, Kasper Bonne Rasmussen","doi":"10.14722/ndss.2019.23367","DOIUrl":"https://doi.org/10.14722/ndss.2019.23367","url":null,"abstract":"Google’s Nearby Connections API enables any An-droid (and Android Things) application to provide proximity-based services to its users, regardless of their network connectivity.The API uses Bluetooth BR/EDR, Bluetooth LE and Wi-Fi to let“nearby” clients (discoverers) and servers (advertisers) connectand exchange different types of payloads. The implementation ofthe API is proprietary, closed-source and obfuscated. The updatesof the API are automatically installed by Google across differentversions of Android, without user interaction. Little is knownpublicly about the security guarantees offered by the API, eventhough it presents a significant attack surface.In this work we present the first security analysis of theGoogle’s Nearby Connections API, based on reverse-engineeringof its Android implementation. We discover and implement sev-eral attacks grouped into two families: connection manipulation(CMA) and range extension attacks (REA). CMA-attacks allow anattacker to insert himself as a man-in-the-middle and manipulateconnections (even unrelated to nearby), and to tamper withthe victim’s interface and network configuration. REA-attacksallow an attacker to tunnel any nearby connection to remotelocations, even between two honest devices. Our attacks areenabled by REArby, a toolkit we developed while reversingthe API implementation. REArby includes a dynamic binaryinstrumenter, a packet dissector, and the implementations ofcustom Nearby Connections client and server. We plan to open-source REArby after a responsible disclosure period.","PeriodicalId":20444,"journal":{"name":"Proceedings 2019 Network and Distributed System Security Symposium","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2019-02-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"75956019","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Cybercriminal Minds: An investigative study of cryptocurrency abuses in the Dark Web","authors":"Seunghyeon Lee, Changhoon Yoon, Heedo Kang, Yeonkeun Kim, Yongdae Kim, Dongsu Han, Sooel Son, Seungwon Shin","doi":"10.14722/NDSS.2019.23055","DOIUrl":"https://doi.org/10.14722/NDSS.2019.23055","url":null,"abstract":"The Dark Web is notorious for being a major distribution channel of harmful content as well as unlawful goods. Perpetrators have also used cryptocurrencies to conduct illicit financial transactions while hiding their identities. The limited coverage and outdated data of the Dark Web in previous studies motivated us to conduct an in-depth investigative study to understand how perpetrators abuse cryptocurrencies in the Dark Web. We designed and implemented MFScope, a new framework which collects Dark Web data, extracts cryptocurrency information, and analyzes their usage characteristics on the Dark Web. Specifically, MFScope collected more than 27 million dark webpages and extracted around 10 million unique cryptocurrency addresses for Bitcoin, Ethereum, and Monero. It then classified their usages to identify trades of illicit goods and traced cryptocurrency money flows, to reveal black money operations on the Dark Web. In total, using MFScope we discovered that more than 80% of Bitcoin addresses on the Dark Web were used with malicious intent; their monetary volume was around 180 million USD, and they sent a large sum of their money to several popular cryptocurrency services (e.g., exchange services). Furthermore, we present two real-world unlawful services and demonstrate their Bitcoin transaction traces, which helps in understanding their marketing strategy as well as black money operations.","PeriodicalId":20444,"journal":{"name":"Proceedings 2019 Network and Distributed System Security Symposium","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2019-02-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"86598725","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}