{"title":"Automated data race bugs addition","authors":"Hongliang Liang, Mingyu Li, Jianli Wang","doi":"10.1145/3380786.3391401","DOIUrl":"https://doi.org/10.1145/3380786.3391401","url":null,"abstract":"A challenge faced by concurrency bug detection techniques is the lack of ground-truth corpora, i.e., a lot of true concurrency bugs, making it difficult to evaluate and verify these technologies and tools, e.g., to precisely measure their false negative and false positive rates. In this paper, we present DRInject, a novel dynamic debugging based technique for producing ground-truth corpora by automatically and quickly injecting lots of realistic data race bugs into program source code. Each data race bug is assured by injecting modifying code to a global variable in two concurrency threads. These bugs are realistic in that they are embedded deep with programs and are triggered by real inputs. We have injected over 600 data race bugs into 10 benchmark or real-world programs, including water-nsquared, X264 and libvips. Moreover, we evaluated four data race detectors using the produced buggy programs and found there are much improvement space for these tools. 
Preliminary experiments show that DRInject can inject data race bugs in large scale programs and evaluate detect tools with fundamental quantities like false negative and false positive rate, which forms the basis to generate large bug corpora for the future research in concurrency software.","PeriodicalId":243224,"journal":{"name":"Proceedings of the 13th European workshop on Systems Security","volume":"17 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-04-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127745202","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Secure and efficient in-process monitor (and library) protection with Intel MPK","authors":"Xiaoguang Wang, SengMing Yeoh, Pierre Olivier, B. Ravindran","doi":"10.1145/3380786.3391398","DOIUrl":"https://doi.org/10.1145/3380786.3391398","url":null,"abstract":"The process reference monitor is a common technique to enforce security policies for application execution. Reference monitors can be used to detect attacks, enforce access control, check program integrity and even transform program state. Deciding where the monitor resides involves a trade-off between strong monitor isolation and low switching overheads. Running the monitor in the same address space as the protected/traced application (in-process monitors) allows for low overhead but raises isolation concerns. Thus, existing work place monitors in a separate address space, which leads to expensive monitor invocation latencies. We present MonGuard, a system in which a high-performance in-process monitor is efficiently isolated from the rest of the application. To that aim, we leverage the Intel Memory Protection Key (MPK) technology to enforce execute-only memory, combined with code randomization to protect and hide the monitor. MonGuard instruments around sensitive instructions to further prevent possible code reuse attacks. The carefully constructed monitor call gate switches the monitor memory permission in a context-sensitive way. We have built a prototype of MonGuard mostly as a loader extension and implemented a multi-variant execution (MVX) monitor. 
The evaluation shows MonGuard performs faster than the out-of-process monitor approach.","PeriodicalId":243224,"journal":{"name":"Proceedings of the 13th European workshop on Systems Security","volume":"27 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-04-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127082295","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"What's all that noise: analysis and detection of propaganda on Twitter","authors":"Ansgar Kellner, Christian Wressnegger, Konrad Rieck","doi":"10.1145/3380786.3391399","DOIUrl":"https://doi.org/10.1145/3380786.3391399","url":null,"abstract":"For many, social networks have become the primary source of news, although the correctness of the provided information and its trustworthiness are often unclear. The investigations of the 2016 US presidential elections have brought the existence of external campaigns to light aiming at affecting the general political public opinion. In this paper, we investigate whether a similar influence on political elections can be observed in Europe as well. To this end, we use the past German federal election as an indicator and inspect the propaganda on Twitter, based on data from a period of 268 days. We find that 79 trolls from the US campaign have also acted upon the German federal election spreading right-wing views. Moreover, we develop a detector for finding automated behavior that enables us to identify 2,414 previously unknown suspicious accounts.","PeriodicalId":243224,"journal":{"name":"Proceedings of the 13th European workshop on Systems Security","volume":"43 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-04-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114454219","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"X-AFL: a kernel fuzzer combining passive and active fuzzing","authors":"Hongliang Liang, Yixiu Chen, Zhuosi Xie, Zhiyi Liang","doi":"10.1145/3380786.3391400","DOIUrl":"https://doi.org/10.1145/3380786.3391400","url":null,"abstract":"Vulnerabilities in OS kernel are more severe than those in user space because they allow attackers to access a system with full privileges. Fuzzing is an efficient technique to detect vulnerabilities though little fuzzing efforts aim to kernels. On one hand, by hooking the kernel, passive fuzzing can satisfy the dependencies among system calls but get no feedback, and thus fails to generate test cases for a resulted crash. On the other hand, guided with run-time feedback, active fuzzing can easily reproduce the crash with generated test cases, but cannot find bugs in deeper code path due to lacking of data dependency or control dependency. In this paper, we propose a novel approach for fuzzing kernel which combines passive fuzzing and active fuzzing and therefore gain their advantages. We implement the approach in a prototype called X-AFL which currently aims to test the Android kernel. Preliminary evaluation results show that X-AFL is an effective kernel fuzzer and can indeed find kernel vulnerabilities.","PeriodicalId":243224,"journal":{"name":"Proceedings of the 13th European workshop on Systems Security","volume":"54 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-04-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131136648","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Microservices made attack-resilient using unsupervised service fissioning","authors":"A. F. Baarzi, G. Kesidis, D. Fleck, A. Stavrou","doi":"10.1145/3380786.3391395","DOIUrl":"https://doi.org/10.1145/3380786.3391395","url":null,"abstract":"Application-layer DoS attacks are increasing as the number of cloud-deployed microservice applications is increasing. The attacker tries to exhaust computing resources and brings the nominal applications down by exploiting application-layer vulnerabilities. As traditional solutions for volumetric DoS attacks will not be able to handle these attacks, new approaches are required to detect and respond to application-layer attacks. In this work, we propose an unsupervised, non-intrusive and application-agnostic detection approach and fissioning based response mechanism. We built our prototype on Kubernetes, the state of the art container orchestrator for microservices, and show its effectiveness through experimental evaluation. Our preliminary results show that using our detection and defense mechanism, we are able to a) efficiently identify the attacks and b) reduce the effect of the attack on legitimate users by 3× compared to a case where there is no detection/defense in place.","PeriodicalId":243224,"journal":{"name":"Proceedings of the 13th European workshop on Systems Security","volume":"57 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-04-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126231119","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Aim low, shoot high: evading aimbot detectors by mimicking user behavior","authors":"Tim Witschel, Christian Wressnegger","doi":"10.1145/3380786.3391397","DOIUrl":"https://doi.org/10.1145/3380786.3391397","url":null,"abstract":"Current schemes to detect cheating in online games often build on the assumption that the applied cheat takes actions that are drastically different from normal behavior. For instance, an Aimbot for a first-person shooter is used by an amateur player to increase his/her capabilities many times over. Attempts to evade detection would require to reduce the intended effect such that the advantage is presumably lowered into insignificance. We argue that this is not necessarily the case and demonstrate how a professional player is able to make use of an adaptive Aimbot that mimics user behavior to gradually increase performance and thus evades state-of-the-art detection mechanisms. We show this in a quantitative and qualitative evaluation with two professional \"Counter-Strike: Global Offensive\" players, two open-source Anti-Cheat systems, and the commercially established combination of VAC, VACnet, and Overwatch.","PeriodicalId":243224,"journal":{"name":"Proceedings of the 13th European workshop on Systems Security","volume":"255 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-04-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133207549","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"PANDAcap: a framework for streamlining collection of full-system traces","authors":"Manolis Stamatogiannakis, H. Bos, Paul T. Groth","doi":"10.1145/3380786.3391396","DOIUrl":"https://doi.org/10.1145/3380786.3391396","url":null,"abstract":"Full-system, deterministic record and replay has proven to be an invaluable tool for reverse engineering and systems analysis. However, acquiring a full-system recording typically involves signifcant planning and manual effort. This represents a distraction from the actual goal of recording a trace, i.e. analyzing it. We present PANDAcap, a framework based on PANDA full-system record and replay tool. PANDAcap combines off-the-shelf and custom-built components in order to streamline the process of recording PANDA traces. More importantly, in addition to making the setup of one-off experiments easier, PANDAcap also caters for streamlining of systematic repeatable experiments in order to create PANDA trace datasets. As a demonstration, we have used PANDAcap to deploy an ssh honeypot aiming at studying the brute-force ssh attacks.","PeriodicalId":243224,"journal":{"name":"Proceedings of the 13th European workshop on Systems Security","volume":"118 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-04-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124528598","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Proceedings of the 13th European workshop on Systems Security","authors":"Cristiano Giuffrida, A. Stavrou","doi":"10.1145/3380786","DOIUrl":"https://doi.org/10.1145/3380786","url":null,"abstract":"","PeriodicalId":243224,"journal":{"name":"Proceedings of the 13th European workshop on Systems Security","volume":"18 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-04-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129076324","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}