2017 IEEE European Symposium on Security and Privacy (EuroS&P): Latest Papers

Designing and Proving an EMV-Compliant Payment Protocol for Mobile Devices
2017 IEEE European Symposium on Security and Privacy (EuroS&P) Pub Date: 2017-04-01 DOI: 10.1109/EuroSP.2017.19
V. Cortier, Alicia Filipiak, Jan Florent, S. Gharout, Jacques Traoré
Abstract: We devise a payment protocol that can be securely used on mobile devices, even infected by malicious applications. Our protocol only requires a light use of Secure Elements, which significantly simplify certification procedures and protocol maintenance. It is also fully compatible with the EMV-SDA protocol and allows off-line payments for the users. We provide a formal model and full security proofs of our protocol using the TAMARIN prover.
Citations: 17
On the Effectiveness of Virtualization Based Memory Isolation on Multicore Platforms
2017 IEEE European Symposium on Security and Privacy (EuroS&P) Pub Date: 2017-04-01 DOI: 10.1109/EuroSP.2017.25
Siqi Zhao, Xuhua Ding
Abstract: Virtualization based memory isolation has been widely used as a security primitive in many security systems. This paper firstly provides an in-depth analysis of its effectiveness in the multicore setting, a first in the literature. Our study reveals that memory isolation by itself is inadequate for security. Due to the fundamental design choices in hardware, it faces several challenging issues including page table maintenance, address mapping validation and thread identification. As demonstrated by our attacks implemented on XMHF and BitVisor, these issues undermine the security of memory isolation. Next, we propose a new isolation approach that is immune to the aforementioned problems. In our design, the hypervisor constructs a fully isolated micro computing environment (FIMCE) that exposes a minimal attack surface to an untrusted OS on a multicore platform. By virtue of its architectural niche, FIMCE offers stronger assurance and greater versatility than memory isolation. We have built a prototype of FIMCE and measured its performance. To show the benefits of using FIMCE as a building block, we have also implemented several practical applications which cannot be securely realized by using memory isolation alone.
Citations: 5
Confidante: Usable Encrypted Email: A Case Study with Lawyers and Journalists
2017 IEEE European Symposium on Security and Privacy (EuroS&P) Pub Date: 2017-04-01 DOI: 10.1109/EUROSP.2017.41
Ada Lerner, Eric Zeng, Franziska Roesner
Abstract: Email encryption tools remain underused, even by people who frequently conduct sensitive business over email, such as lawyers and journalists. Usable encrypted email has remained out of reach largely because key management and verification remain difficult. However, key management has evolved in the age of social media: Keybase is a service that allows users to cryptographically link public keys to their social media accounts (e.g., Twitter), enabling key trust without out-of-band communication. We design and prototype Confidante, an encrypted email client that uses Keybase for automatic key management. We conduct a user study with 15 people (8 U.S. lawyers and 7 U.S. journalists) to evaluate Confidante's design decisions. We find that users complete an encrypted email task more quickly and with fewer errors using Confidante than with an existing email encryption tool, and that many users report finding Confidante comparable to using ordinary email. However, we also find that lawyers and journalists have diverse operational constraints and threat models, and thus that there may not be a one-size-fits-all solution to usable encrypted email. We reflect on our findings—both specifically about Confidante and more generally about the needs and constraints of lawyers and journalists—to identify lessons and remaining security and usability challenges for encrypted email.
Citations: 45
Reasoning about Probabilistic Defense Mechanisms against Remote Attacks
2017 IEEE European Symposium on Security and Privacy (EuroS&P) Pub Date: 2017-01-24 DOI: 10.1109/EuroSP.2017.30
Martín Ochoa, Sebastian Banescu, Cynthia Disenfeld, G. Barthe, Vijay Ganesh
Abstract: Despite numerous countermeasures proposed by practitioners and researchers, remote control-flow alteration of programs with memory-safety vulnerabilities continues to be a realistic threat. Guaranteeing that complex software is completely free of memory-safety vulnerabilities is extremely expensive. Probabilistic countermeasures that depend on random secret keys are interesting, because they are an inexpensive way to raise the bar for attackers who aim to exploit memory-safety vulnerabilities. Moreover, some countermeasures even support legacy systems. However, it is unclear how to quantify and compare the effectiveness of different probabilistic countermeasures or combinations of such countermeasures. In this paper we propose a methodology to rigorously derive security bounds for probabilistic countermeasures. We argue that by representing security notions in this setting as events in probabilistic games, similarly as done with cryptographic security definitions, concrete and asymptotic guarantees can be obtained against realistic attackers. These guarantees shed light on the effectiveness of single countermeasures and their composition and allow practitioners to more precisely gauge the risk of an attack.
Citations: 6
Outsmarting Network Security with SDN Teleportation
2017 IEEE European Symposium on Security and Privacy (EuroS&P) Pub Date: 2016-11-16 DOI: 10.1109/EuroSP.2017.21
K. Thimmaraju, Liron Schiff, S. Schmid
Abstract: Software-defined networking is considered a promising new paradigm, enabling more reliable and formally verifiable communication networks. However, this paper shows that the separation of the control plane from the data plane, which lies at the heart of Software-Defined Networks (SDNs), introduces a new vulnerability which we call teleportation. An attacker (e.g., a malicious switch in the data plane or a host connected to the network) can use teleportation to transmit information via the control plane and bypass critical network functions in the data plane (e.g., a firewall), and to violate security policies as well as logical and even physical separations. This paper characterizes the design space for teleportation attacks theoretically, and then identifies four different teleportation techniques. We demonstrate and discuss how these techniques can be exploited for different attacks (e.g., exfiltrating confidential data at high rates), and also initiate the discussion of possible countermeasures. Generally, and given today's trend toward more intent-based networking, we believe that our findings are relevant beyond the use cases considered in this paper.
Citations: 27
ARTist: The Android Runtime Instrumentation and Security Toolkit
2017 IEEE European Symposium on Security and Privacy (EuroS&P) Pub Date: 2016-07-22 DOI: 10.1109/EuroSP.2017.43
M. Backes, Sven Bugiel, Oliver Schranz, Philipp von Styp-Rekowsky, Sebastian Weisgerber
Abstract: With the introduction of Android 5 Lollipop, the Android Runtime (ART) superseded the Dalvik Virtual Machine (DVM) by introducing ahead-of-time compilation and native execution of applications, effectively deprecating seminal works such as TaintDroid that hitherto depend on the DVM. In this paper, we discuss alternatives to overcome those restrictions and highlight advantages for the security community that can be derived from ART's novel on-device compiler dex2oat and its accompanying runtime components. To this end, we introduce ARTist, a compiler-based application instrumentation solution for Android that does not depend on operating system modifications and solely operates on the application layer. Since dex2oat is yet uncharted, our approach required first and foremost a thorough study of the compiler suite's internals and in particular of the new default compiler backend called Optimizing. We document the results of this study in this paper to facilitate independent research on this topic and exemplify the viability of ARTist by realizing two use cases. In particular, we conduct a case study on whether taint tracking can be re-instantiated using a compiler-based app instrumentation framework. Overall, our results provide compelling arguments for the community to choose compiler-based approaches over alternative bytecode or binary rewriting approaches for security solutions on Android.
Citations: 61
FairTest: Discovering Unwarranted Associations in Data-Driven Applications
2017 IEEE European Symposium on Security and Privacy (EuroS&P) Pub Date: 2015-10-08 DOI: 10.1109/EUROSP.2017.29
Florian Tramèr, Vaggelis Atlidakis, Roxana Geambasu, Daniel J. Hsu, J. Hubaux, Mathias Humbert, A. Juels, Huang Lin
Abstract: In a world where traditional notions of privacy are increasingly challenged by the myriad companies that collect and analyze our data, it is important that decision-making entities are held accountable for unfair treatments arising from irresponsible data usage. Unfortunately, a lack of appropriate methodologies and tools means that even identifying unfair or discriminatory effects can be a challenge in practice. We introduce the unwarranted associations (UA) framework, a principled methodology for the discovery of unfair, discriminatory, or offensive user treatment in data-driven applications. The UA framework unifies and rationalizes a number of prior attempts at formalizing algorithmic fairness. It uniquely combines multiple investigative primitives and fairness metrics with broad applicability, granular exploration of unfair treatment in user subgroups, and incorporation of natural notions of utility that may account for observed disparities. We instantiate the UA framework in FairTest, the first comprehensive tool that helps developers check data-driven applications for unfair user treatment. It enables scalable and statistically rigorous investigation of associations between application outcomes (such as prices or premiums) and sensitive user attributes (such as race or gender). Furthermore, FairTest provides debugging capabilities that let programmers rule out potential confounders for observed unfair effects. We report on use of FairTest to investigate and in some cases address disparate impact, offensive labeling, and uneven rates of algorithmic error in four data-driven applications. As examples, our results reveal subtle biases against older populations in the distribution of error in a predictive health application and offensive racial labeling in an image tagger.
Citations: 146
Use of Simulators for Side-Channel Analysis
2017 IEEE European Symposium on Security and Privacy (EuroS&P) Pub Date: 1900-01-01 DOI: 10.1109/EuroSP.2017.31
Nikita Veshchikov, S. Guilley
Abstract: Side-channel attacks are among the most powerful and cost-effective attacks on cryptographic systems. Simulators that are developed for side-channel analysis are very useful for preliminary analysis of new schemes, in depth analysis of existing schemes as well as for analysis of products on early stages of development. The contribution of this paper is three-fold. We present a first survey of existing simulators that were built for side-channel analysis. We present a new open-source simulator SAVRASCA that can generate simulated power traces based on compiled binary files for many popular AVR microcontrollers. We show how to use our simulator on the example of DPA Contest 4 and we find a new vulnerability that allows an attacker to mount a differential power analysis (or even simple electro-magnetic analysis) attack on the scheme. Our simulator can be used during development of new products in order to test their resistance against side-channel analysis. We also focus the attention of readers on questions of why and how simulators are useful in this domain and try to highlight main issues related to simulators that were developed by the community.
Citations: 11