发布求助
文献互助 智能选刊 最新文献

Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security最新文献

筛选
英文 中文
The Case for In-Network Replay Suppression 网络内重放抑制的案例
Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security Pub Date : 2017-04-02 DOI: 10.1145/3052973.3052988
Taeho Lee, C. Pappas, A. Perrig, V. Gligor, Yih-Chun Hu
{"title":"The Case for In-Network Replay Suppression","authors":"Taeho Lee, C. Pappas, A. Perrig, V. Gligor, Yih-Chun Hu","doi":"10.1145/3052973.3052988","DOIUrl":"https://doi.org/10.1145/3052973.3052988","url":null,"abstract":"We make a case for packet-replay suppression at the network layer, a concept that has been generally neglected. Our contribution is twofold. First, we demonstrate a new attack, the router-reflection attack, that can be launched using compromised routers. In this attack, a compromised router degrades the connectivity of a remote Internet region just by replaying packets. The attack is feasible even if all packets are attributed to their sources, i.e., source authentication is in place, and our evaluation shows that the threat is pervasive---candidate routers for compromise are in the order of hundreds or thousands. Second, we design an in-network mechanism for replay suppression. We start by showing that designing such a mechanism poses unsolved challenges and simple adaptations of end-to-end solutions are not sufficient. Then, we devise, analyze, and implement a highly efficient protocol that suppresses replayed traffic at the network layer without global time synchronization. Our software-router prototype can saturate a 10 Gbps link using only two CPU cores for packet processing.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":"40 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"74053869","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 14
Traffic Analysis Attacks in Anonymity Networks 匿名网络中的流量分析攻击
Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security Pub Date : 2017-04-02 DOI: 10.1145/3052973.3055159
K. Kohls, C. Pöpper
{"title":"Traffic Analysis Attacks in Anonymity Networks","authors":"K. Kohls, C. Pöpper","doi":"10.1145/3052973.3055159","DOIUrl":"https://doi.org/10.1145/3052973.3055159","url":null,"abstract":"With more than 1.7 million daily users, Tor is a large-scale anonymity network that helps people to protect their identities in the Internet. Tor provides low-latency transmissions that can serve a wide range of applications including web browsing, which renders it an easily accessible tool for a large user base. Unfortunately, its wide adoption makes Tor a valuable target for de-anonymization attacks. Recent work proved that powerful traffic analysis attacks exist which enable an adversary to relate traffic streams in the network and identify users and accessed contents. One open research question in the field of anonymity networks therefore addresses efficient countermeasures to the class of traffic analysis attacks. Defensive techniques must improve the security features of existing networks while still providing an acceptable performance that can maintain the wide acceptance of a system. The proposed work presents an analysis of mixing strategies as a countermeasure to traffic analysis attacks in Tor. First simulation results indicate the security gains and performance impairments of three main mixing strategies.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":"54 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"90885777","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Strict Virtual Call Integrity Checking for C++ Binaries 严格的虚调用完整性检查c++二进制文件
Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security Pub Date : 2017-04-02 DOI: 10.1145/3052973.3052976
Mohamed Elsabagh, D. Fleck, A. Stavrou
{"title":"Strict Virtual Call Integrity Checking for C++ Binaries","authors":"Mohamed Elsabagh, D. Fleck, A. Stavrou","doi":"10.1145/3052973.3052976","DOIUrl":"https://doi.org/10.1145/3052973.3052976","url":null,"abstract":"Modern operating systems are equipped with defenses that render legacy code injection attacks inoperable. However, attackers can bypass these defenses by crafting attacks that reuse existing code in a program's memory. One of the most common classes of attacks manipulates memory data used indirectly to execute code, such as function pointers. This is especially prevalent in C++ programs, since tables of function pointers (vtables) are used by all major compilers to support polymorphism. In this paper, we propose VCI, a binary rewriting system that secures C++ binaries against vtable attacks. VCI works directly on stripped binary files. It identifies and reconstructs various C++ semantics from the binary, and constructs a strict CFI policy by resolving and pairing virtual function calls (vcalls) with precise sets of target classes. The policy is enforced by instrumenting checks into the binary at vcall sites. Experimental results on SPEC CPU2006 and Firefox show that VCI is significantly more precise than state-of-the-art binary solutions. Testing against the ground truth from the source-based defense GCC VTV, VCI achieved greater than 60% precision in most cases, accounting for at least 48% to 99% additional reduction in the attack surface compared to the state-of-the-art binary defenses. VCI incurs a 7.79% average runtime overhead which is comparable to the state-of-the-art. In addition, we discuss how VCI defends against real-world attacks, and how it impacts advanced vtable reuse attacks such as COOP.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":"104 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"79192638","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 25
BRIDEMAID: An Hybrid Tool for Accurate Detection of Android Malware BRIDEMAID:一个精确检测Android恶意软件的混合工具
Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security Pub Date : 2017-04-02 DOI: 10.1145/3052973.3055156
F. Martinelli, F. Mercaldo, A. Saracino
{"title":"BRIDEMAID: An Hybrid Tool for Accurate Detection of Android Malware","authors":"F. Martinelli, F. Mercaldo, A. Saracino","doi":"10.1145/3052973.3055156","DOIUrl":"https://doi.org/10.1145/3052973.3055156","url":null,"abstract":"This paper presents BRIDEMAID, a framework which exploits an approach static and dynamic for accurate detection of Android malware. The static analysis is based on n-grams matching, whilst the dynamic analysis is based on multi-level monitoring of device, app and user behavior. The framework has been tested against 2794 malicious apps reporting a detection accuracy of 99,7% and a negligible false positive rate, tested on a set of 10k genuine apps.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":"11 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"77676638","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 64
Model-based Attack Detection Scheme for Smart Water Distribution Networks 基于模型的智能配水网络攻击检测方案
Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security Pub Date : 2017-04-02 DOI: 10.1145/3052973.3053011
Chuadhry Mujeeb Ahmed, C. Murguia, Justin Ruths
{"title":"Model-based Attack Detection Scheme for Smart Water Distribution Networks","authors":"Chuadhry Mujeeb Ahmed, C. Murguia, Justin Ruths","doi":"10.1145/3052973.3053011","DOIUrl":"https://doi.org/10.1145/3052973.3053011","url":null,"abstract":"In this manuscript, we present a detailed case study about model-based attack detection procedures for Cyber-Physical Systems (CPSs). In particular, using EPANET (a simulation tool for water distribution systems), we simulate a Water Distribution Network (WDN). Using this data and sub-space identification techniques, an input-output Linear Time Invariant (LTI) model for the network is obtained. This model is used to derive a Kalman filter to estimate the evolution of the system dynamics. Then, residual variables are constructed by subtracting data coming from EPANET and the estimates of the Kalman filter. We use these residuals and the Bad-Data and the dynamic Cumulative Sum (CUSUM) change detection procedures for attack detection. Simulation results are presented - considering false data injection and zero-alarm attacks on sensor readings, and attacks on control input - to evaluate the performance of our model-based attack detection schemes. Finally, we derive upper bounds on the estimator-state deviation that zero-alarm attacks can induce.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":"10 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"81447923","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 68
Quantitative Security Assessment Method based on Entropy for Moving Target Defense 基于熵的移动目标防御定量安全评估方法
Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security Pub Date : 2017-04-02 DOI: 10.1145/3052973.3055161
Duohe Ma, Liming Wang, Cheng Lei, Zhen Xu, Hongqi Zhang, Meng Li
{"title":"Quantitative Security Assessment Method based on Entropy for Moving Target Defense","authors":"Duohe Ma, Liming Wang, Cheng Lei, Zhen Xu, Hongqi Zhang, Meng Li","doi":"10.1145/3052973.3055161","DOIUrl":"https://doi.org/10.1145/3052973.3055161","url":null,"abstract":"Moving Target Defense(MTD) provides a promising solution to reduce the chance of weakness exposure by constantly changing the target's attack surface. Though lots of MTD technologies have been researched to defend network attacks, there is little systematic study on security assessment of MTD. This paper proposes a novel method to quantify the security of MTD system which based on three factors: Vulnerability Entropy, Attack Entropy and Attenuation Entropy. This assessment model provides a theoretical and practical guidance for building MTD system and improving MTD technology.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":"22 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"86224726","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
Functional Encryption with Oblivious Helper 功能加密与遗忘的帮助
Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security Pub Date : 2017-04-02 DOI: 10.1145/3052973.3052996
Pierre-Alain Dupont, D. Pointcheval
{"title":"Functional Encryption with Oblivious Helper","authors":"Pierre-Alain Dupont, D. Pointcheval","doi":"10.1145/3052973.3052996","DOIUrl":"https://doi.org/10.1145/3052973.3052996","url":null,"abstract":"Functional encryption is a nice tool that bridges the gap between usability and privacy when providing access to huge databases: while being encrypted, aggregated information is available with a fine-tuned control by the owner of the database who can specify the functions he allows users to compute on the data. Unfortunately, giving access to several functions might leak too much information on the database, since once the decryption capability is given for a specific function, this is for an unlimited number of ciphertexts. In the particular case of the inner-product, if rows or records of the database contain l fields on which one got l independent inner-product capabilities, one can extract all the individual fields. On the other hand, the major applications that make use of inner-products, such as machine-learning, need to compute many of them. This paper deals with a practical trade-off in order to allow the computation of various inner-products, while still protecting the confidentiality of the data. To this aim, we introduce an oblivious helper, that will be required for any decryption-query, in order to control the leakage of information on the database. It should indeed learn just enough information to guarantee the confidentiality of the database, but without endangering the privacy of the queries.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":"1969 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"91368122","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
Secure Wallet-Assisted Offline Bitcoin Payments with Double-Spender Revocation 安全钱包辅助离线比特币支付与双支付撤销
Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security Pub Date : 2017-04-02 DOI: 10.1145/3052973.3052980
A. Dmitrienko, D. Noack, M. Yung
{"title":"Secure Wallet-Assisted Offline Bitcoin Payments with Double-Spender Revocation","authors":"A. Dmitrienko, D. Noack, M. Yung","doi":"10.1145/3052973.3052980","DOIUrl":"https://doi.org/10.1145/3052973.3052980","url":null,"abstract":"Bitcoin seems to be the most successful cryptocurrency so far given the growing real life deployment and popularity. While Bitcoin requires clients to be online to perform transactions and a certain amount of time to verify them, there are many real life scenarios that demand for offline and immediate payments (e.g., mobile ticketing, vending machines, etc). However, offline payments in Bitcoin raise non-trivial security challenges, as the payee has no means to verify the received coins without having access to the Bitcoin network. Moreover, even online immediate payments are shown to be vulnerable to double-spending attacks. In this paper, we propose the first solution for Bitcoin payments, which enables secure payments with Bitcoin in offline settings and in scenarios where payments need to be immediately accepted. Our approach relies on an offline wallet and deploys several novel security mechanisms to prevent double-spending and to verify the coin validity in offline setting. These mechanisms achieve probabilistic security to guarantee that the attack probability is lower than the desired threshold. We provide a security and risk analysis as well as model security parameters for various adversaries. We further eliminate remaining risks by detection of misbehaving wallets and their revocation. We implemented our solution for mobile Android clients and instantiated an offline wallet using a microSD security card. Our implementation demonstrates that smooth integration over a very prevalent platform (Android) is possible, and that offline and online payments can practically co-exist. We also discuss alternative deployment approach for the offline wallet which does not leverage secure hardware, but instead relies on a deposit system managed by the Bitcoin network.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":"2015 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"73732725","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 31
Discovering Logical Vulnerabilities in the Wi-Fi Handshake Using Model-Based Testing 使用基于模型的测试发现Wi-Fi握手中的逻辑漏洞
Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security Pub Date : 2017-04-02 DOI: 10.1145/3052973.3053008
M. Vanhoef, Domien Schepers, F. Piessens
{"title":"Discovering Logical Vulnerabilities in the Wi-Fi Handshake Using Model-Based Testing","authors":"M. Vanhoef, Domien Schepers, F. Piessens","doi":"10.1145/3052973.3053008","DOIUrl":"https://doi.org/10.1145/3052973.3053008","url":null,"abstract":"We use model-based testing techniques to detect logical vulnerabilities in implementations of the Wi-Fi handshake. This reveals new fingerprinting techniques, multiple downgrade attacks, and Denial of Service (DoS) vulnerabilities. Stations use the Wi-Fi handshake to securely connect with wireless networks. In this handshake, mutually supported capabilities are determined, and fresh pairwise keys are negotiated. As a result, a proper implementation of the Wi-Fi handshake is essential in protecting all subsequent traffic. To detect the presence of erroneous behaviour, we propose a model-based technique that generates a set of representative test cases. These tests cover all states of the Wi-Fi handshake, and explore various edge cases in each state. We then treat the implementation under test as a black box, and execute all generated tests. Determining whether a failed test introduces a security weakness is done manually. We tested 12 implementations using this approach, and discovered irregularities in all of them. Our findings include fingerprinting mechanisms, DoS attacks, and downgrade attacks where an adversary can force usage of the insecure WPA-TKIP cipher. Finally, we explain how one of our downgrade attacks highlights incorrect claims made in the 802.11 standard.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":"99 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"74990567","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 21
DataShield: Configurable Data Confidentiality and Integrity 数据字段:可配置的数据保密性和完整性
Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security Pub Date : 2017-04-02 DOI: 10.1145/3052973.3052983
Scott A. Carr, Mathias Payer
{"title":"DataShield: Configurable Data Confidentiality and Integrity","authors":"Scott A. Carr, Mathias Payer","doi":"10.1145/3052973.3052983","DOIUrl":"https://doi.org/10.1145/3052973.3052983","url":null,"abstract":"Applications written in C/C++ are prone to memory corruption, which allows attackers to extract secrets or gain control of the system. With the rise of strong control-flow hijacking defenses, non-control data attacks have become the dominant threat. As vulnerabilities like HeartBleed have shown, such attacks are equally devastating. Data Confidentiality and Integrity (DCI) is a low-overhead non-control-data protection mechanism for systems software. DCI augments the C/C++ programming languages with an- notations, allowing the programmer to protect selected data types. The DCI compiler and runtime system prevent illegal reads (confidentiality) and writes (integrity) to instances of these types. The programmer selects types that contain security critical information such as passwords, cryptographic keys, or identification tokens. Protecting only this critical data greatly reduces performance overhead relative to complete memory safety. Our prototype implementation of DCI, DataShield, shows the applicability and efficiency of our approach. For SPEC CPU2006, the performance overhead is at most 16.34%. For our case studies, we instrumented mbedTLS, astar, and libquantum to show that our annotation approach is practical. The overhead of our SSL/TLS server is 35.7% with critical data structures protected at all times. Our security evaluation shows DataShield mitigates a recently discovered vulnerability in mbedTLS.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":"50 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"76607453","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 56
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信