European Workshop on System Security: latest publications

nEther: in-guest detection of out-of-the-guest malware analyzers
Gábor Pék, B. Bencsáth, L. Buttyán
European Workshop on System Security, published 2011-04-10. DOI: 10.1145/1972551.1972554
Abstract: Malware analysis can be an efficient way to combat malicious code, however, miscreants are constructing heavily armoured samples in order to stymie the observation of their artefacts. Security practitioners make heavy use of various virtualization techniques to create sandboxing environments that provide a certain level of isolation between the host and the code being analysed. However, most of these are easy to be detected and evaded. The introduction of hardware assisted virtualization (Intel VT and AMD-V) made the creation of novel, out-of-the-guest malware analysis platforms possible. These allow for a high level of transparency by residing completely outside the guest operating system being examined, thus conventional in-memory detection scans are ineffective. Furthermore, such analyzers resolve the shortcomings that stem from inaccurate system emulation, in-guest timings, privileged operations and so on.
In this paper, we introduce novel approaches that make the detection of hardware assisted virtualization platforms and out-of-the-guest malware analysis frameworks possible. To demonstrate our concepts, we implemented an application framework called nEther that is capable of detecting the out-of-the-guest malware analysis framework Ether [6].
Citations: 71

Differential privacy for collaborative security
J. Reed, Adam J. Aviv, Daniel Wagner, Andreas Haeberlen, B. Pierce, Jonathan M. Smith
European Workshop on System Security, published 2010-04-13. DOI: 10.1145/1752046.1752047
Abstract: Fighting global security threats with only a local view is inherently difficult. Internet network operators need to fight global phenomena such as botnets, but they are hampered by the fact that operators can observe only the traffic in their local domains. We propose a collaborative approach to this problem, in which operators share aggregate information about the traffic in their respective domains through an automated query mechanism. We argue that existing work on differential privacy and type systems can be leveraged to build a programmable query mechanism that can express a wide range of queries while limiting what can be learned about individual customers. We report on our progress towards building such a mechanism, and we discuss opportunities and challenges of the collaborative security approach.
Citations: 35

The robustness of a new CAPTCHA
A. E. Ahmad, Jeff Yan, L. Marshall
European Workshop on System Security, published 2010-04-13. DOI: 10.1145/1752046.1752052
Abstract: CAPTCHA is a standard security technology that presents tests to tell computers and humans apart. In this paper, we examine the security of a new CAPTCHA that was deployed until very recently by Megaupload, a leading online storage and delivery website. The security of this scheme relies on a novel segmentation resistance mechanism. However, we show that this CAPTCHA can be segmented using a simple but new automated attack with a success rate of 78%. It takes about 120 ms on average to segment each challenge on a standard desktop computer.
Citations: 85

Detecting Wikipedia vandalism via spatio-temporal analysis of revision metadata?
Andrew G. West, Sampath Kannan, Insup Lee
European Workshop on System Security, published 2010-04-13. DOI: 10.1145/1752046.1752050
Abstract: Blatantly unproductive edits undermine the quality of the collaboratively-edited encyclopedia, Wikipedia. They not only disseminate dishonest and offensive content, but force editors to waste time undoing such acts of vandalism. Language-processing has been applied to combat these malicious edits, but as with email spam, these filters are evadable and computationally complex. Meanwhile, recent research has shown spatial and temporal features effective in mitigating email spam, while being lightweight and robust.
In this paper, we leverage the spatio-temporal properties of revision metadata to detect vandalism on Wikipedia. An administrative form of reversion called rollback enables the tagging of malicious edits, which are contrasted with non-offending edits in numerous dimensions. Crucially, none of these features require inspection of the article or revision text. Ultimately, a classifier is produced which flags vandalism at performance comparable to the natural-language efforts we intend to complement (85% accuracy at 50% recall). The classifier is scalable (processing 100+ edits a second) and has been used to locate over 5,000 manually-confirmed incidents of vandalism outside our labeled set.
Citations: 92

Managing intrusion detection rule sets
Natalia Stakhanova, A. Ghorbani
European Workshop on System Security, published 2010-04-13. DOI: 10.1145/1752046.1752051
Abstract: The prevalent use of the signature-based approach in modern intrusion detection systems (IDS) emphasizes the importance of the efficient management of the employed signature sets. With the constant discovery of new threats and vulnerabilities, the complexity and size of signature sets reach the point where the manual management of rules becomes a challenging (if not impossible) task for the system administrators. While the automated support of signature management is desirable, the main difficulty that arises in this context is the diversity in syntactical representations of signatures generally allowed in IDS. In this paper, we focus on the automated approach to signature management. Specifically, we propose a model for signature analysis that brings out the semantic inconsistencies in the IDS rule sets. To address the syntactical diversity of the signatures, we use the strengths of a nondeterministic automaton (NFA) and model the individual rules as finite machines to analyze their equivalence. The effectiveness of the proposed approach is evaluated on two collections of attack signatures: the rule sets of the open source Snort IDS and Bleeding Edge Threats.
Citations: 13

Practical protection for personal storage in the cloud
N. Walfield, P. Stanton, J. Griffin, R. Burns
European Workshop on System Security, published 2010-04-13. DOI: 10.1145/1752046.1752048
Abstract: We present a storage management framework for Web 2.0 services that places users back in control of their data. Current Web services complicate data management due to data lock-in and lack usable protection mechanisms, which makes cross-service sharing risky. Our framework allows multiple Web services shared access to a single copy of data that resides on a personal storage repository, which the user acquires from a cloud storage provider. Access control is based on hierarchically, filtered views, which simplify cross-cutting policies, and enable least privilege management. We also integrate a powerbox [16], which allows applications to request additional authority at run time thereby enabling applications running under a least privilege regime to provide useful open and save as dialogs.
Citations: 7

AESSE: a cold-boot resistant implementation of AES
Tilo Müller, Andreas Dewald, F. Freiling
European Workshop on System Security, published 2010-04-13. DOI: 10.1145/1752046.1752053
Abstract: Cold boot attacks exploit the fact that memory contents fade with time and that most of them can be retrieved after a short power-down (reboot). These attacks aim at retrieving encryption keys from memory to thwart disk drive encryption. We present a method to implement disk drive encryption that is resistant to cold boot attacks. More specifically, we implemented AES and integrated it into the Linux kernel in such a way that neither the secret key nor any parts of it leave the processor. To achieve this, we used the SSE (streaming SIMD extensions) available in modern Intel processors in a non-standard way. We show that the performance penalty is acceptable and present a brief security analysis of the system.
Citations: 67

Improving the accuracy of network intrusion detection systems under load using selective packet discarding
A. Papadogiannakis, M. Polychronakis, E. Markatos
European Workshop on System Security, published 2010-04-13. DOI: 10.1145/1752046.1752049
Abstract: Under conditions of heavy traffic load or sudden traffic bursts, the peak processing throughput of network intrusion detection systems (NIDS) may not be sufficient for inspecting all monitored traffic, and the packet capturing subsystem inevitably drops excess arriving packets before delivering them to the NIDS. This impedes the detection ability of the system and leads to missed attacks. In this work we present selective packet discarding, a best effort approach that enables the NIDS to anticipate overload conditions and minimize their impact on attack detection. Instead of letting the packet capturing subsystem randomly drop arriving packets, the NIDS proactively discards packets that are less likely to affect its detection accuracy, and focuses on the traffic at the early stages of each network flow. We present the design of selective packet discarding and its implementation in Snort NIDS. Our experiments show that selective packet discarding significantly improves the detection accuracy of Snort under increased traffic load, allowing it to detect attacks that would have otherwise been missed.
Citations: 58

Breaking the memory secrecy assumption
Raoul Strackx, Yves Younan, Pieter Philippaerts, F. Piessens, Sven Lachmund, T. Walter
European Workshop on System Security, published 2009-03-31. DOI: 10.1145/1519144.1519145
Abstract: Many countermeasures exist that attempt to protect against buffer overflow attacks on applications written in C and C++. The most widely deployed countermeasures rely on artificially introducing randomness in the memory image of the application. StackGuard and similar systems, for instance, will insert a random value before the return address on the stack, and Address Space Layout Randomization (ASLR) will make the location of stack and/or heap less predictable for an attacker.
A critical assumption in these probabilistic countermeasures is that attackers cannot read the contents of memory. In this paper we show that this assumption is not always justified. We identify a new class of vulnerabilities -- buffer overreads -- that occur in practice and that can be exploited to read parts of the memory contents of a process running a vulnerable application. We describe in detail how to exploit an application protected by both ASLR and stack canaries, if the application contains both a buffer overread and a buffer overflow vulnerability.
We also provide a detailed discussion of how this vulnerability affects other, less widely deployed probabilistic countermeasures such as memory obfuscation and instruction set randomization.
Citations: 189

Preventing identity theft with electronic identity cards and the trusted platform module
A. Klenk, Holger Kinkelin, Christoph Eunicke, G. Carle
European Workshop on System Security, published 2009-03-31. DOI: 10.1145/1519144.1519151
Abstract: Together with the rapidly growing number of services in the Internet, authentication becomes an issue of increasing importance. A very common situation is that for each service, users must remember the associated name and password they are registered under. This method is prone to identity theft and its usability leaves much to be desired. The Trusted Platform Module (TPM) is a microcontroller with cryptographic functions that is integrated into many computers. It is capable to protect against software attacks. TPM can generate and store non-migratable keying material for authentication and is an effective safeguard against the acquisition and use of an identity by an adversary. Even though TPM prohibits identity theft, Internet services still have few options to verify the true identity of a user. Electronic identity cards (eID) assert for the identity of their owner. Their large-scale deployment can be expected in the near future. The use of eIDs is impaired, though. They must be present for each authentication, and all devices must be equipped with a compatible card reader. We mitigate the problems of both approaches by using eIDs for establishing trust in user specific TPM authentication credentials. The eID and a compatible reader must be present only at one time for establishing the initial trust. We integrated our identity theft resistant authentication method with the OpenID identity system to allow a large number of services to profit from verified and trustworthy identity assertions.
Citations: 16